A fraudulent IT support website that promotes the spread of VidarStealer malware has been recently identified by eSentire, a computer security service provider.
The malicious website gives users detailed, seemingly legitimate instructions for running PowerShell commands to resolve a Windows Update error.
Since many computer users cannot read code, they may not realize that the commands they are entering do not fix their issue but instead install malicious software on their computer.
The fake IT websites were promoted via YouTube channels that claim to help users fix the Windows Update error 0x80070643.

These channels are primarily used as doorways to redirect users to malicious websites that instruct them to unknowingly download VidarStealer malware to their computer.
Some of the domains in question are:
- pchelperspro[.]com
- pchelprwizardsguide[.]com
- pchelprwizardpro[.]com
The YouTube channels direct users to visit these websites and follow a sequence of steps, which includes opening PowerShell with admin privileges and copying and pasting a command displayed on the site.
However, closer examination shows that the PowerShell code users are asked to copy and paste is in fact an installer for VidarStealer malware.
The sites also make the instructions difficult to follow, which pushes users into downloading the malicious script itself. The user is then asked to run it as an administrator rather than typing the command manually.
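For defenders who want to check their own telemetry against the domains listed above, the following added example (not code from eSentire or the original article) refangs the published indicators and matches them against log text on exact domain or subdomain boundaries, so lookalike names do not trigger. The sample log lines, including the PowerShell script block line, are constructed for illustration.

```python
import re

# Domains listed on this page, kept defanged as published and refanged at load time.
DEFANGED_IOCS = [
    "pchelperspro[.]com",
    "pchelprwizardsguide[.]com",
    "pchelprwizardpro[.]com",
]

# Hostname with an optional scheme in front; the capture group is the host only.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")

def refang(text):
    """Undo common defanging so indicators and log text compare equal."""
    return text.replace("[.]", ".").replace("hxxp", "http").lower()

IOCS = {refang(d) for d in DEFANGED_IOCS}

def matched_ioc(host):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for ioc in IOCS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None

def scan(lines):
    """Return (line_number, listed_domain) for every hostname hit in the log lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        for host in HOST_RE.findall(refang(line)):
            ioc = matched_ioc(host)
            if ioc:
                hits.append((number, ioc))
    return hits

# Constructed sample lines: script block log text (event ID 4104), proxy and DNS records.
SAMPLE = [
    "4104 ScriptBlockText: Invoke-WebRequest -Uri https://pchelprwizardpro.com/placeholder",
    "proxy GET http://download.PCHELPERSPRO.com/ 200",
    "proxy GET https://notpchelperspro.com/ 200",           # lookalike, must not match
    "dns query pchelprwizardsguide[.]com A",                # defanged in a ticket export
    "proxy GET https://pchelperspro.com.example.org/ 200",  # listed name as a prefix only
]

if __name__ == "__main__":
    for number, ioc in scan(SAMPLE):
        print(f"line {number}: contact with listed domain {ioc}")
```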

VidarStealer is malicious software engineered to extract sensitive information from the infected computer, including credit card details, passwords, and other confidential information.
The fact that these YouTube videos are sponsored is particularly alarming, as it implies that they are actively promoted to unsuspecting users.

One of the videos associated with this threat has already garnered 27,000 views, and the count is still growing as of the time of writing. This considerably raises the possibility of more people falling prey to this fraudulent strategy.

The YouTube channels in question present themselves as legitimate tech support resources, and they even feature fake bot comments claiming the fix worked.
Users who need help fixing their Windows Update errors may be tricked into following the instructions and unknowingly installing malware on their computer.