The Nigerian Communications Commission (NCC) has issued a public alert on cybercriminal gangs that are disseminating malware using AI-generated YouTube videos via its Computer Security Incident Response Team (CSIRT).

This was contained in a news statement dated March 26th, 2023, and signed by Reuben Muoka, NCC Director of Public Affairs.

According to the statement, those who watch the AI-generated tutorial videos will be tricked into clicking on one or more of the links in the video description, which usually results in the download of data-stealing malware, which the NCC claims have increased by 200% to 300% month on month since November 2022. Raccoon, Vidar, and RedLine are a few examples.

Read also: Cybercrime Ravages Cryptocurrencies

Who can be the malware victim?

The NCC said the alert is a warning to individuals and organisations looking to acquire pirated software and resources as this puts them at risk of becoming victims of such gangs, whose consequences can be critical and may result in financial loss, data theft, identity theft, reputation damage, and system damage.

“To stimulate the interest of potential victims, video tutorials on how to pirate sought-after software such as AutoCAD, Adobe Photoshop, Adobe Premiere Pro, and other similar paid-for software are created. These videos are created with AI and feature humans with facial features that research has shown other humans find trustworthy.

“The tutorials in these videos are frequently bogus and steer viewers to links in the description that led to information-stealing malware like Raccoon, Vidar, and RedLine,” the Statement revealed.

“Cybercriminal actors can also use AI-generated videos to trick viewers into downloading malware. For example, they can create a video that appears to be a legitimate software update or security patch, but it contains malware that infects the viewer’s device.

“They equally use AI-generated videos to distribute phishing scams. They can create a video that appears to be from a legitimate company or organisation and prompts viewers to click on a link to enter their login credentials or personal information. Once the viewer clicks on the link, they are directed to a fake website that steals their information.” The statement continued.

“Additionally, malicious actors can use AI-generated videos to distribute ransomware. They can create a video that appears to be harmless, but when the viewer clicks on a link or downloads a file associated with the video, their device becomes infected with ransomware that locks them out of their files and demands payment to regain access.” It said.

Cybercrime Typology in Nigeria: A Sign of Industrialisation Part 1

How to be protected

The NCC-CSIRT highlights that one important step to take in achieving proactive measures is to protect against evolving cyber threats by avoiding falling victim to these cyber threats. To achieve this, the commission recommends avoiding pirated software, installing and keeping antivirus software up to date, installing a comprehensive endpoint detection and response (EDR) solution, and careful considerations before clicking any link. 

The Nigerian Communications Commission assures the populace that being the nation’s premier communications regulatory agency under the Federal Ministry of Communications & Digital Economy, it is mandated to work with all stakeholders to ensure a secure cyberspace that is safe for the operators and consumers of communications services and infrastructure in Nigeria.