Menu Close

Consumer Safety: NCC-CSIRT cautions against pirated YouTube software-related malware

*The Nigerian Communications Commission’s Computer Security Incident Response Team warns the consequences of falling victim could be significant for individual consumers and organisations, resulting in critical damage, including data theft, financial loss, identity theft, system damage, and reputation damage

Gbenga Kayode | ConsumerConnect

As part of the Commission’s consumer protection and education efforts, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned those seeking pirated software and resources against the risk falling victim to  cybercriminal gangs using AI-generated YouTube videos to distribute malware.

Mr. Reuben Muoka, Director of Public Affairs at NCC, Sunday, March 26, 2023, stated the NCC-CSIRT, in its latest advisory, warned the consequences of falling victim could be significant for individuals and organisations, resulting in critical damage like data theft, financial loss, identity theft, system damage, and reputation damage.

READ Internet4All: NCC, ICANN Urge Critical Stakeholders To Advocate Adoption Of Universal Acceptance

The advisory also said unsuspecting victims, who watch these AI-generated tutorial videos would be duped into clicking on one of the links in the video description, which usually results in the download of data-stealing malware.

The number of YouTube videos containing such links has increased by 200-300 percent month-on-month since November 2022, noted NCC-CSIRT.

The advisory further stated: “To stimulate the interest of potential victims, video tutorials on how to pirate sought-after software, such as AutoCAD, Adobe Photoshop, Adobe Premiere Pro, and other similar paid-for software are created.

READ Cybersafety: Nigeria Recorded 3,834,244 Attacks At Gubernatorial, Assembly Polls –Minister

“These videos are created with AI and feature humans with facial features that research has shown other humans find trustworthy.”

It also explained that “the tutorials in these videos are frequently bogus and steer viewers to links in the description that led to information-stealing malware like Raccoon, Vidar, and RedLine.”

The Team disclosed malicious actors could create AI-generated videos that include hidden or disguised malware.

These videos may appear to be harmless or even entertaining, but they can contain malicious code that can infect a viewer’s device when the video is downloaded or played, it said.

READ: Consumer TELCARE Centre To Improve Stakeholder Engagement, Address Telecoms Issues –Danbatta

According to the advisory, cybercriminal actors can also use AI-generated videos to trick viewers into downloading malware.

“For example, they can create a video that appears to be a legitimate software update or security patch, but it contains malware that infects the viewer’s device.

“They equally use AI-generated videos to distribute phishing scams. “They can create a video that appears to be from a legitimate company or organization and prompts viewers to click on a link to enter their login credentials or personal information. Once the viewer clicks on the link, they are directed to a fake website that steals their information,” NCC-CSIRT stated.

READ 2023 WCRD: NCC Tasks Network Providers On Efficient Social Infrastructure, Environment-Friendly Services

Besides, the advisory said malicious actors could use AI-generated videos to distribute ransomware. It further stressed that they could create a video that appears to be harmless, but when the viewer clicks on a link or downloads a file associated with the video, their device becomes infected with ransomware that locks them out of their files and demands payment to regain access.

How to protect yourself against malware infection

NCC-CSIRT said that to avoid becoming a victim, telecoms consumers should avoid downloading pirated software because they are generally harmful and illegal.

RELATED: Danbatta Restates NCC’s Commitment To Broadband, Consumer Protection, Digital Economy

Furthermore, the advisory recommends installation of antivirus software with internet security and keeping it up to date, installing an endpoint detection and response (EDR) solution that is comprehensive, and thinking before clicking any link, NCC-CSIRT added.

Kindly Share This Story

 

Kindly share this story