The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned Nigerians against acquiring pirated software and resources.
The NCC-CSIRT in an advisory, signed by its Director, Public Affairs, Reuben Muoka stated that, cybercriminal gangs that are using AI-generated YouTube videos to distribute malware which puts them at risk of becoming victims.
According to the advisory, unsuspecting victims who watch the AI-generated tutorial videos will be duped into clicking on one of the links in the video description, which inturn download data-stealing malware.
It added, “The number of YouTube videos containing such links has increased by 200-300% months on month since November 2022.
“To stimulate the interest of potential victims, video tutorials on how to pirate sought-after software such as AutoCAD, Adobe Photoshop, Adobe Premiere Pro, and other similar paid-for software are created.
“These videos are created with AI and feature humans with facial features that research has shown other humans find trustworthy.
“The tutorials in these videos are frequently bogus and steer viewers to links in the description that led to information-stealing malware like Raccoon, Vidar, and RedLine,” the advisory revealed.
“The consequences of falling victim can be significant for individuals and organizations, resulting in critical damage like data theft, financial loss, identity theft, system damage, and reputation damage”.
According to the NCC-CSIRT, the Cybercriminals can create AI-generated videos with hidden or disguised malware which may appear harmless or even entertaining.
It however noted that, the videos can contain malicious code that can infect a viewer’s device when the video is downloaded or played.
It further added that, the Cybercriminals can also use AI-generated videos to trick viewers into downloading malware by creating a video that appears to be a legitimate software update or security patch, contains malware that infects the viewer’s device.
The NCC-CSIRT further disclosed that, they can equally use AI-generated videos to distribute phishing scams.
It further informed that, “They can create a video that appears to be from a legitimate company or organization and prompts viewers to click on a link to enter their login credentials or personal information. Once the viewer clicks on the link, they are directed to a fake website that steals their information.
“Additionally, malicious actors can use AI-generated videos to distribute ransomware. They can create a video that appears to be harmless, but when the viewer clicks on a link or downloads a file associated with the video, their device becomes infected with ransomware that locks them out of their files and demands payment to regain access”.
NCC-CSIRT advised that, to avoid becoming a victim, telecom consumers should avoid downloading pirated software because they are generally harmful and illegal.
The advisory further recommends the installation of antivirus software with internet security and keeping it up to date.
It stated, “Installing an endpoint detection and response (EDR) solution that is comprehensive, and thinking before clicking any link”.