Commit

* update 2024-07-25 06:18:51
actions-user committed Jul 24, 2024
1 parent 916472e commit fb21d2b
Showing 2 changed files with 13 additions and 1 deletion.
12 changes: 12 additions & 0 deletions arXiv_db/Malware/2024.md
Expand Up @@ -2154,3 +2154,15 @@

</details>

<details>

<summary>2024-07-23 02:32:52 - Users Feel Guilty: Measurement of Illegal Software Installation Guide Videos on YouTube for Malware Distribution</summary>

- *Rei Yamagishi, Shota Fujii, Tatsuya Mori*

- `2407.16132v1` - [abs](http://arxiv.org/abs/2407.16132v1) - [pdf](http://arxiv.org/pdf/2407.16132v1)

> This study introduces and examines a sophisticated malware distribution technique that exploits popular video sharing platforms. In this attack, threat actors distribute malware through deceptive content that promises free versions of premium software and game cheats. Throughout this paper, we call this attack MalTube. MalTube is particularly insidious because it exploits the guilt feelings of users for engaging in potentially illegal activity, making them less likely to report the infection or ask for a help. To investigate this emerging threat, we developed video platform exploitation reconnaissance VIPER, a novel monitoring system designed to detect, monitor, and analyze MalTube activity at scale. Over a four-month data collection period, VIPER processed and analyzed 14,363 videos, 8,671 associated channels, and 1,269 unique fully qualified domain names associated with malware downloads. Our findings reveal that MalTube attackers primarily target young gamers, using the lure of free software and game cheats as infection vectors. The attackers employ various sophisticated social engineering techniques to maximize user engagement and ensure successful malware propagation. These techniques include the strategic use of platform-specific features such as trending keywords, emoticons, and eye-catching thumbnails. These tactics closely mimic legitimate content creation strategies while providing detailed instructions for malware infection. Based on our in-depth analysis, we propose a set of robust detection and mitigation strategies that exploit the invariant characteristics of MalTube videos, offering the potential for automated threat detection and prevention.

</details>
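
Review bot: The `abs` and `pdf` links on the added `2407.16132v1` line use `http://arxiv.org/...` rather than `https://`. Suggest emitting `https://arxiv.org/abs/2407.16132v1` and `https://arxiv.org/pdf/2407.16132v1` so a reader following the link from this list does not make the first request in plaintext. Since the commit is authored by `actions-user`, the fix probably belongs in whatever generates these entries rather than in this file by hand.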
