This study introduces and examines a sophisticated malware distribution technique that exploits popular video sharing platforms. In this attack, threat actors distribute malware through deceptive content that promises free versions of premium software and game cheats. Throughout this paper, we call this attack MalTube. MalTube is particularly insidious because it exploits users' guilt about engaging in potentially illegal activity, making them less likely to report the infection or ask for help. To investigate this emerging threat, we developed VIPER (Video Platform Exploitation Reconnaissance), a novel monitoring system designed to detect, monitor, and analyze MalTube activity at scale. Over a four-month data collection period, VIPER processed and analyzed 14,363 videos, 8,671 associated channels, and 1,269 unique fully qualified domain names associated with malware downloads. Our findings reveal that MalTube attackers primarily target young gamers, using the lure of free software and game cheats as infection vectors. The attackers employ various sophisticated social engineering techniques to maximize user engagement and ensure successful malware propagation. These techniques include the strategic use of platform-specific features such as trending keywords, emoticons, and eye-catching thumbnails. These tactics closely mimic legitimate content creation strategies while providing detailed instructions for malware infection. Based on our in-depth analysis, we propose a set of robust detection and mitigation strategies that exploit the invariant characteristics of MalTube videos, offering the potential for automated threat detection and prevention.
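To make the idea of "invariant characteristics" concrete, the following is an added illustration, not part of the paper and not VIPER's code: a small heuristic scorer over video metadata that weights the features the abstract names (lure keywords for free premium software and cheats, emoticon-heavy titles, step-by-step install instructions, and download links to domains outside the platform). The keyword lists, weights, threshold, and the two sample videos are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Lure vocabulary (assumption): terms that promise free premium software or cheats.
LURE_TERMS = {"free", "crack", "cracked", "cheat", "cheats", "hack",
              "keygen", "activator", "premium", "unlock"}
# Phrases typical of "detailed instructions for infection" (assumption).
INSTRUCTION_TERMS = ("disable antivirus", "turn off windows defender",
                     "run as administrator", "password", "extract")
# Hosts belonging to the platform itself; links there are not download hosts (assumption).
PLATFORM_HOSTS = {"youtube.com", "www.youtube.com", "youtu.be"}

# Non-raw string so Python decodes the \U escapes into literal code points.
EMOJI_RE = re.compile("[\U0001F300-\U0001FAFF\u2600-\u27BF\u2B50\u2705\u274C]")
URL_RE = re.compile(r"https?://[^\s)\]]+")


@dataclass
class VideoMeta:
    title: str
    description: str


def external_hosts(text):
    """Return lowercased hostnames of links that point outside the platform."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host and host not in PLATFORM_HOSTS:
            hosts.add(host)
    return hosts


def score_video(meta):
    """Score a video's metadata; returns (score, list of human-readable reasons)."""
    text = f"{meta.title}\n{meta.description}".lower()
    words = set(re.findall(r"[a-z]+", text))
    score, reasons = 0, []

    lures = LURE_TERMS & words
    if lures:
        score += 2 * min(len(lures), 3)        # cap so one long title cannot dominate
        reasons.append(f"lure terms: {sorted(lures)}")

    instructions = [p for p in INSTRUCTION_TERMS if p in text]
    if instructions:
        score += 3
        reasons.append(f"install instructions: {instructions}")

    hosts = external_hosts(meta.description)
    if hosts:
        score += 3
        reasons.append(f"external download hosts: {sorted(hosts)}")

    emoji_count = len(EMOJI_RE.findall(meta.title))
    if emoji_count >= 2:
        score += 1
        reasons.append(f"emoticon-heavy title ({emoji_count} emoji)")

    return score, reasons


def is_suspicious(meta, threshold=6):
    """Threshold is an assumption; tune it against labelled data before use."""
    return score_video(meta)[0] >= threshold


# Constructed sample inputs (not real videos); the .test TLD is reserved for examples.
MALTUBE_SAMPLE = VideoMeta(
    title="🔥 FREE Adobe Premium 2024 CRACK 🔥 Working Tutorial",
    description=("Download here: http://example-download.test/files/setup.zip\n"
                 "Archive password: 1234\n"
                 "Disable antivirus before you extract, it is a false positive!"),
)
BENIGN_SAMPLE = VideoMeta(
    title="Building my first gaming PC (step by step)",
    description=("Parts list in the pinned comment. "
                 "Follow-up video: https://www.youtube.com/watch?v=placeholder"),
)

if __name__ == "__main__":
    for sample in (MALTUBE_SAMPLE, BENIGN_SAMPLE):
        score, reasons = score_video(sample)
        print(f"{score:2d} {'SUSPICIOUS' if is_suspicious(sample) else 'ok'} "
              f"{sample.title!r} {reasons}")
```

The point of the scorer is that none of the signals is decisive alone (legitimate tutorials also use emoji and external links); the combination of a lure vocabulary, instructions to weaken defences, and an off-platform download host is what a triage queue should surface for analyst review.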