The Dark Side of Clickbait: How Fake Video Links Deliver Malware

    Date: 02/26/2025

    Severity: High

    Summary

    "The Dark Side of Clickbait: How Fake Video Links Deliver Malware" highlights a surge in phishing campaigns that use fake viral video links to trick users into downloading malware. The attack relies on social engineering, redirecting victims through multiple malicious websites before delivering the payload. Users are enticed with promises of exclusive content, leading them to fraudulent pages and deceptive download links.

    Indicators of Compromise (IOC) List


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    userdomainname like "https://gitb.org/watch-click/?=archive" or url like "https://gitb.org/watch-click/?=archive" or userdomainname like "https://viralxgo.com/watch-full-video/" or url like "https://viralxgo.com/watch-full-video/" or userdomainname like "https://purecopperapp.monster/indexind.php?flow_id=107&aff_click_id=D-21356743-1737975550-34G123G137G124-AITLS2195&keyword=Yourfile&ip=115.118.240.109&sub=22697121&source=157764" or url like "https://purecopperapp.monster/indexind.php?flow_id=107&aff_click_id=D-21356743-1737975550-34G123G137G124-AITLS2195&keyword=Yourfile&ip=115.118.240.109&sub=22697121&source=157764" or userdomainname like "https://wlanpremiumapp.monster/indexind.php?flow_id=107&aff_click_id=D-21356743-1739353595-34G134G64G208-YBUVA1634&keyword=Yourfile&ip=115.118.240.109&sub=22697095&source=157764" or url like "https://wlanpremiumapp.monster/indexind.php?flow_id=107&aff_click_id=D-21356743-1739353595-34G134G64G208-YBUVA1634&keyword=Yourfile&ip=115.118.240.109&sub=22697095&source=157764" or userdomainname like "https://savetitaniumapp.monster/?t=d6ebff4d554677320244f60589926b97" or url like "https://savetitaniumapp.monster/?t=d6ebff4d554677320244f60589926b97" or userdomainname like "https://loadpremiumapp.monster/?t=74fddba44e47538821a2796e12191868" or url like "https://loadpremiumapp.monster/?t=74fddba44e47538821a2796e12191868" or userdomainname like "https://mega.nz/file/JG9nHAjQ#xYoJHxAy_mP1KlZC-m2P-UgPzXiHiH6XA0QQn62sseY" or url like "https://mega.nz/file/JG9nHAjQ#xYoJHxAy_mP1KlZC-m2P-UgPzXiHiH6XA0QQn62sseY"
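Added example, not part of the original advisory or of Gurucul's tooling: Detection Query 1 compares full URL strings, yet several indicators carry query values (aff_click_id, ip, sub, t) and one ends in a #fragment, which browsers do not send in requests. The Python below reduces each indicator to host, or host and path, before matching proxy records; the indicators, log format, log lines and names (SAMPLE_IOCS, SAMPLE_LOG, SHARED_HOSTS) are constructed for illustration, and it assumes the query values differ per click.

```python
from urllib.parse import urlsplit

# Constructed stand-ins shaped like the advisory's URL indicators (not real IOCs).
SAMPLE_IOCS = [
    "https://redirector.example/indexind.php?flow_id=107&aff_click_id=D-1-AAA&ip=203.0.113.9",
    "https://landing.example/?t=0123456789abcdef",
    "https://fileshare.example/file/AbC123#constructed-key",
]
# Constructed proxy records: "<timestamp> <user> <url>".
SAMPLE_LOG = [
    "2025-02-26T10:00:01Z alice https://redirector.example/indexind.php?flow_id=107&aff_click_id=D-9-ZZZ&ip=198.51.100.7",
    "2025-02-26T10:00:03Z alice https://landing.example/?t=ffffffffffffffff",
    "2025-02-26T10:00:09Z alice https://fileshare.example/file/AbC123",
    "2025-02-26T10:05:00Z bob https://fileshare.example/file/OtherDoc",
    "malformed-record",
]
# Assumption: hosts that also serve legitimate files, matched on host+path only.
SHARED_HOSTS = {"fileshare.example"}

def build_matchers(iocs, shared_hosts=SHARED_HOSTS):
    """Reduce each IOC URL to the parts a request log can contain."""
    hosts, host_paths = set(), set()
    for ioc in iocs:
        parts = urlsplit(ioc.strip())
        host = parts.hostname or ""
        if host in shared_hosts:
            host_paths.add((host, parts.path.rstrip("/")))  # fragment is dropped
        elif host:
            hosts.add(host)  # assumed dedicated host: ignore per-click query values
    return hosts, host_paths

def match_url(url, hosts, host_paths):
    """Return 'host', 'path' or None for one logged URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host in hosts or any(host.endswith("." + h) for h in hosts):
        return "host"
    return "path" if (host, parts.path.rstrip("/")) in host_paths else None

def scan(log_lines, iocs):
    """Return (user, url, kind) for every record that matches an indicator."""
    hosts, host_paths = build_matchers(iocs)
    hits = []
    for fields in (line.split() for line in log_lines):
        kind = match_url(fields[2], hosts, host_paths) if len(fields) >= 3 else None
        if kind:
            hits.append((fields[1], fields[2], kind))
    return hits
```

None of the three matching sample records equals an indicator string character for character, which is the case a full-URL comparison misses.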

    Detection Query 2

    sha256hash IN ("00001c98e08fa4d7f4924bd1c375149104bd4f1981cef604755d34ca225f2ce1","00539e997eb6ae5f6f7cb050c3486a6dfb901b1268c13bdfeeec5b776bf81c1e","000e75287631a93264d11fc2b773c61992664277386f45fa19897a095e6a7c81","52c606609dab25cdd43f831140d7f296d89f9f979e00918f712018e8cc1b6750","0047d7a61fd9279c9fba9a604ed892e4ec9d732b10c6562aab1938486a538b7d")

    Reference: 

    https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-dark-side-of-clickbait-how-fake-video-links-deliver-malware/


    Tags

    Malware, Phishing, Social Engineering
