New YouTube Bot Spotted Stealing Sensitive User Information
A new malicious YouTube bot was uncovered.
This YouTube bot can be leveraged to artificially boost content on YouTube by viewing, liking, and commenting on videos and subscribing to channels.
The bot is also capable of stealing victims' sensitive information such as cookies, AutoFill, Login data, and passwords.
The bot receives commands from the Command & Control (C2) server and can download and execute additional malicious files on the victim's machine.
The bot uses Windows Scheduled Tasks to establish persistence on the victims' machine and uses a Mutex that starts with "sm" to ensure the malware is only running once.
Featured Resources
View More Resources
blog
CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center
Ilan Kalendarov, Security Research Team LeadBen Zamir, Security ResearcherElad Beber, Security Researcher Executive Summary Cymulate Research Labs has uncovered a local privilege
blog
Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link
Idan Sherman, Security Researcher Executive summary The "Shai-Hulud" supply chain campaign has returned, striking harder and smarter than before. This
blog
Top 5 Must-Have Features in an Exposure Management Platform
Security teams are under growing pressure to reduce risk faster and prove resilience continuously. Attack surfaces expand with every new