"Perfect scam": hackers use a verified YouTube channel to spread malware
Published on September 30, 2025
Bitdefender security researchers have been tracking a persistent campaign since 2024 that keeps diversifying its tactics. It began with Facebook Ads promising free access to the premium tier of TradingView, the trading and financial-market monitoring platform. The same activity has now been seen on YouTube and Google Ads as well.
According to the analysis, the attack has several layers. The attackers compromised the Google advertiser account of a Norwegian design agency and used it to run fake advertising on YouTube. The agency's YouTube channel had all of its content deleted and replaced with a visual identity imitating TradingView, while keeping the platform's verification badge, which lent the fake channel legitimacy.
An elaborate advertising scam
The takeover of the stolen YouTube channel was thorough: it used the logos, banners and visual elements of the real TradingView and even linked playlists from the original channel, although it hosted no videos of its own. All of its videos were unlisted, the channel showed only 96 public views, and it used a different @handle from the legitimate one.
One fake video, titled “Free Trading View Premium - Secret Method they don't want you to know”, reached over 182,000 views through aggressive advertising campaigns.
The video itself only presented content describing the capabilities of the TradingView app, but its description contained the download link for a malicious executable. Because the video was unlisted, it did not appear in search results, which kept users from reporting it and the platform from moderating it. Access to the channel was most likely obtained after someone on the agency's team fell for a phishing email.
The researchers also noted that the malware itself has evolved. It now includes a file of roughly 700 MB used to download the payload; the size keeps automated analysis sandboxes from picking up the threat. It also checks whether the computer is a virtual machine or runs other security tooling, classifying the user as a valid target or not. Visitors judged not to be targets are redirected to a benign page.
An evolving piece of malware
Where it previously used simple HTTP requests, the malware now communicates over WebSockets and obfuscates its front-end scripts to hinder analysis by antivirus products and by security professionals. In the end the code used the https://jimmywarting.github.io/streamsaver.js library to deliver the payload to the user, along with PostHog analytics and several advertising platforms, from Google to Microsoft and AdproFex, to reach victims.
Where it previously used an installer.exe, the malware now also works with a scheduled task named edgeresourcesinstallerv12-assg that adds exclusions to Windows Defender to avoid detection. The final payload is detected as Trojan.agent.gosl, also known as Jsceal or Weevilproxy, which steals sensitive user files and has remote-access capabilities.
With it, the attackers can take screenshots of the computer, record everything that is typed and steal cryptocurrency wallets. Up to 500 domains and subdomains were linked to the attackers' infrastructure, and the researchers have seen samples of versions for macOS and Android. The attacks are run in several languages, especially English, Vietnamese and Thai.
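The two persistence and evasion behaviours described above, a scheduled task and attacker-added Windows Defender exclusions, are both visible to an administrator on the host. The following PowerShell triage script is an added example written for this article; it is not code from Canaltech or from Bitdefender's report. The task-name pattern is an assumption derived from the task name reported above, and the cmdlets and event ID used are standard Windows ones.

```powershell
# Added example (not from the article or Bitdefender): host triage for the behaviours described above.
# Run in an elevated PowerShell session on the Windows host being checked.

# Assumed pattern based on the task name reported above; adjust to your own indicators.
$TaskPattern = 'edgeresourcesinstaller*'

# 1. Scheduled tasks whose name matches the reported task, or whose action runs an "installer" binary.
$suspectTasks = Get-ScheduledTask | Where-Object {
    $_.TaskName -like $TaskPattern -or
    (($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' ') -match 'installer'
} | Select-Object TaskName, TaskPath, State,
    @{ Name = 'Actions'; Expression = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } }

Write-Host "== Scheduled tasks matching indicators =="
$suspectTasks | Format-Table -AutoSize

# 2. Defender exclusions currently in force. Any path, process or extension you did not
#    configure yourself is the signal; a legitimate installer has no reason to add them.
$pref = Get-MpPreference
Write-Host "== Windows Defender exclusions =="
[PSCustomObject]@{
    ExclusionPath      = ($pref.ExclusionPath      -join '; ')
    ExclusionProcess   = ($pref.ExclusionProcess   -join '; ')
    ExclusionExtension = ($pref.ExclusionExtension -join '; ')
} | Format-List

# 3. When the exclusions were added. Defender logs every configuration change as event 5007
#    in its Operational log; exclusion changes reference the Exclusions registry key in the message.
Write-Host "== Recent Defender configuration changes touching exclusions =="
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5007
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions' } |
    Select-Object TimeCreated, Message |
    Format-List
```

Correlating the timestamp of a 5007 exclusion event with the creation of the scheduled task, and with the download of the large executable from the video description, gives a timeline of the infection; if an unexplained exclusion covers the path the task runs from, treat the host as compromised rather than simply removing the exclusion.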
If you see an ad on YouTube that interests you, check the channel's @handle and subscriber count, and whether the video in question is listed or unlisted. Always download software directly from the official website, never from third-party links or ads, and report suspicious activity to YouTube or Google Ads.
Source: Bitdefender Labs