From Cracked to Hacked: Malware Spread via YouTube Videos
ID: c526d472-9586-59fc-9191-281f7041cd6f
STIX ID: report--c526d472-9586-59fc-9191-281f7041cd6f
Feed Name: Cybereason Blog
This report describes an active campaign (TropiCracked) that hijacks older YouTube accounts to distribute cracked-software lures. The lures redirect through Rebrandly/Telegraph to file-sharing sites hosting commodity infostealers (notably Redline and RaccoonStealer). The analysis covers the infection flow, payload analysis, infrastructure and binary-swap tactics, provides IoCs (file hashes, C2 IP, malicious URLs), and recommends detection and mitigation steps including behavior-based controls and user education.
