The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has issued a warning to those seeking to obtain pirated software that they may fall victim to cybercriminals, who use AI-generated YouTube videos to distribute malware.
The NCC-CSIRT advisory further stated that the consequences of becoming a victim could be significant, leading to damage to individuals and organisations in the form of data theft, financial loss, identity theft, system damage and reputation damage.
Unsuspecting victims watching these tutorial videos could be duped into clicking on links in the video description, leading to the download of data-stealing malware.
The number of YouTube videos containing such links has increased by 200-300 per cent month on month since November 2022. The videos, created with AI and featuring humans with trustworthy facial features, claim to offer instructions on how to pirate popular software, including AutoCAD, Adobe Photoshop and Premiere Pro. They redirect viewers to links that lead to information-stealing malware like Raccoon, Vidar and RedLine.
“Cybercriminals can use AI-generated videos to deceive viewers into downloading malware or falling for phishing scams by creating seemingly legitimate content that contains harmful software or leads to fake websites.
“They can also distribute ransomware through apparently harmless videos that contain links or files that infect devices and demand payment for access to locked files,” a statement from the NCC’s director of public affairs, Reuben Muoka said.
Mouka said that these harmless-looking videos contain malicious code that can infect a viewer’s device when the video is downloaded or played.
“The downloaded malware can distribute phishing scams or ransomware.
The advisory recommended avoiding downloading pirated software and installing antivirus software with internet security, keeping it up-to-date and installing an end-point detection and response (EDR) solution that is comprehensive. It also advised consumers to “think before clicking on any link”.