
Malicious Proxy Software Disseminated via YouTube Video Download Platform

Guard against Proxyware Malware! Explore present threats from YouTube downloaders and their consequences in our article.

Malicious software known as Proxyware is disseminated via a platform for downloading YouTube videos.


In recent developments, a series of proxyjacking attacks has been targeting South Korean internet users. Like cryptojacking, these attacks covertly sell the victim's internet bandwidth to third parties by installing proxyware on systems without user consent.

The malware, disguised as an installation file named "QuickScreenRecorder", has been detected under several names, including Dropper/Win.Proxyware.C5783593 and Unwanted/Win.Proxyware.R712792, among other variants. The attackers use GitHub to host the malware, with several repositories containing different variants.

The malware chains several PowerShell scripts, JavaScript files, and other downloaders to install the proxyware. Users searching for YouTube video download sites may unknowingly download the malware through what appear to be video download buttons.

While most of the attacks install proxyware from the DigitalPulse provider, some instead install Honeygain's proxyware. The Honeygain proxyware is started through a function in "hgsdk.dll".

The groups or individuals behind these attacks have not been publicly disclosed. However, the AhnLab Security Intelligence Center (ASEC) has reported a new attack method using proxyware distributed via ads on a freeware website. The attacks are currently active in South Korea and have resulted in several infection cases.

To protect your system, exercise caution when downloading executable files from suspicious websites or file-sharing sites that display ads and pop-ups. Be wary of any unexpected installation files, especially those named "QuickScreenRecorder". If your system is already infected, AhnLab's V3 product can be installed to remove the proxyware and prevent further malware infections.
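As an added triage example (not code from the ASEC report), the following PowerShell script checks a Windows host for the two indicators the article names: a process that has loaded "hgsdk.dll" and files named after the "QuickScreenRecorder" lure. The folders and registry Run keys it searches are assumptions about where such files and persistence entries are commonly found, not locations stated in the article.

```powershell
# Added triage example, not from the ASEC report. Indicator names come from the
# article; the searched paths and Run keys are assumed common locations.
$ModuleName    = 'hgsdk.dll'            # Honeygain SDK module named in the article
$InstallerHint = 'QuickScreenRecorder'  # lure installer name from the article

# 1. Running processes that have loaded the Honeygain SDK module.
$moduleHits = foreach ($p in Get-Process) {
    try {
        $m = $p.Modules | Where-Object { $_.ModuleName -ieq $ModuleName }
        if ($m) {
            [pscustomobject]@{ Pid = $p.Id; Process = $p.ProcessName; Module = $m.FileName }
        }
    } catch {
        # Access denied or 32/64-bit mismatch: module list not readable for this process.
    }
}
"Processes with $ModuleName loaded:"
$moduleHits | Format-Table -AutoSize

# 2. Files named after the lure in user download/temp folders (assumed locations).
$searchRoots = @("$env:USERPROFILE\Downloads", $env:TEMP)
"Files matching *$InstallerHint*:"
Get-ChildItem -Path $searchRoots -Recurse -Filter "*$InstallerHint*" -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime

# 3. Run-key entries referencing either indicator (persistence location is an assumption).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
"Run-key entries referencing the indicators:"
foreach ($k in $runKeys) {
    Get-ItemProperty -Path $k -ErrorAction SilentlyContinue |
        ForEach-Object { $_.PSObject.Properties } |
        Where-Object { "$($_.Value)" -match "$InstallerHint|hgsdk" } |
        Select-Object @{ n = 'Key'; e = { $k } }, Name, Value
}
```

Run it from an elevated prompt so that module lists of processes owned by other users can be read; an empty result in all three sections does not prove the host is clean, only that these particular indicators are absent.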

It is also worth noting that these proxyjacking attacks have been documented by several security companies, including ASEC, and that large-scale campaigns were discovered as early as 2023. Stay vigilant and keep your system secure.
