Tools deliver false promises to YouTubers and Gamers

Alexej Savčin 11 Jul 2016

Fake tools, that are actually malicious, promise more YouTube subscribers or gaming coins.

shutterstock_406022581-392823-edited.jpgYouTube Subscriber Tools promise more fans than they can deliver.

If you have a YouTube account and are an aspiring YouTube star, you may have wondered if there’s an easy way to speed up the slow process of raising your channel to the top. If you’re a slow-moving gamer looking for a simple way to advance your skills, you may have wished for coins to make more in game purchases and progress. If you search the Internet, you will definitely find websites with good advice on how to promote your content and even tips on how to create good videos and how to improve your gaming abilities.

"Want more subscribers? No problem!"

There’s much more available on the Internet than just advice and tips. You can also find websites, tools, and bots that promise to quickly boost a user's YouTube or other social channels. Looking for more subscribers or followers? You're in luck -- we found a website where you just fill out a short form and click on a button or download their tool. Of course, there are comments left by satisfied customers who are promoting the tools. Since you're not the first to use the tool and it has good reviews by others, it has to work, right? 

Add YouTube subscribers.png

Webpage of the tool we took a closer look at

positive comments YouTube booster.pngComments of satisfied users

We thought these offers look a little too good to be true and decided to take a closer look at one called YouTube Subscriber Generator.

YouTube Subscriber Generator.png

Alert pop-ups with information about the subscriber generation progress.

You fill in your credentials and select the amount of subscribers that you want to add to your account. How simple is that? In this case, why aren’t more people YouTubers generating millions of new subscribers? Actually, I wondered why these tools even offer the option to gain only 50 or 100 subscribers at a time, but I guess there are still humble people out there somewhere. After we selected the number of subscribers we wanted to add, we needed to wait -- it makes sense that it would take a bit of time to gain hundreds of new subscribers. The tool even displayed a small window showing the progress bar.

Once the process was done, we checked our YouTube account. It appeared that no subscribers had been added. We scratched our heads and thought that maybe something had gone wrong.

In reality, what really happened can be seen in the screenshot below:

code.png

You can see that our credentials were sent to some email address and that’s all that happened. Now, if you were to use this tool, the cybercriminals behind it would have access to your YouTube account and maybe other accounts, in the case that you use the same password for other accounts. If you use one password for multiple accounts, please change your passwords immediately, and if you entered your login credentials into a useless tool like this one, please also change your passwords immediately. You’re probably thinking “Who would fall for this?”, but you would be surprised how many people would (and do!).

Busting YouTube boosters

Money doesn’t grow on trees and are coins generated by these fake tools.

These kinds of tools consistently target inexperienced, young Internet users. For example, we also found a tool that claims to generate coins for the popular FIFA 2015 game. In the game, coins can be used as currency and can be earned after various achievements.

fifa.png

Another way of convincing users to download the tool is by posting videos on YouTube

This tool is different than the YouTube tool, yet they are very similar in their methods. Just like the YouTube boosting tool, there are satisfied users who have commented on the tool’s website, helping convince others to try out the tool.

fake gaming promise.jpg

The description of the tool is very promising

fifa_coins_icon.png

File icon

This particular FIFA coin “generator” is a Trojan. Once the generator is downloaded, it copies itself to various folders on the PC, including the startup folder. It then tries to load URLs, which you can see in the screenshot below. Although some of these URLs are no longer active, they are still capable of downloading additional malware onto the device. This tool runs immediately after Windows is started because it copies itself into the Windows startup folder.  

fifacoins_urls.png

Malicious URLs loaded upon startup


It's just a matter of time until we find another fake tool promising its victims some sort of reward. Fortunately, these tools have a few simple attack vectors, making it easy to detect them. Do your part in keeping yourelf safe by ensuring that your protective shields are active and that your antivirus definitions are updated.

--> -->