Microsoft Security Intelligence says that there is a large-scale click fraud campaign that is targeting users through YouTube comments and malicious ads. According to a tweet from Microsoft Security, the attack is perpetrated by a threat actor known as DEV-0796.
This individual or group monetizes clicks generated by a node-webkit (NW.js) browser or an infected browser extension. These components are placed on a user’s device without their knowledge.
Microsoft points out that the attack begins when a user unwittingly clicks on a link in a YouTube comment or on a malicious ad. As always with these types of threats, the attack relies on fooling the user into believing they are interacting with something legitimate.
When the victim clicks the comment link or ad, an ISO file that pretends to offer game cheats is downloaded. If the user opens the file, it installs the browser extension or node-webkit (NW.js). This is the component the attacker needs.
In a follow-up tweet, Microsoft Security Intelligence offers recommendations on how to avoid falling victim to this or similar attacks:
“To protect against this threat, Microsoft highly recommends customers to turn on PUA protection to block the installation of malicious and unwanted programs, and use Defender SmartScreen to block access to malicious download sites and attacker-controlled servers,” Microsoft says.
“Microsoft 365 Defender customers can also refer to the threat analytics article that we published about this threat. The report contains technical details, IOCs, mitigation guidance, and hunting queries that can enable organizations to locate and respond to related activity.”
As the file is offering cheats, this is an attack that is directly targeting gamers. Earlier this month, cybersecurity firm Kaspersky Labs revealed that gamers are an increasingly rich target. The company specifically pointed to Minecraft as the most popular game for threat actors.
Kaspersky says bait attacks on the game affected 131,005 users between July 2021 and June 2022, with 23,239 malware files sent.
Following Minecraft, other games saw a high number of unwanted files distributed: FIFA (10,776), Roblox (8,903), Far Cry (8,736), Call of Duty (8,319), Need for Speed (7,569), Grand Theft Auto (7,125), Valorant (5,426), The Sims (5,005), and CS:GO (4,790).