Hackers are using malware to make Russian propaganda videos go viral

Who needs actual views when you have money and access to malware?
Who needs actual views when you have money and access to malware?
Image: Reuters/Yana Soboleva
We may earn a commission from links on this page.

Some pro-Russian propaganda videos appear to have gone viral, and not in a good sense. Motherboard reports that a group of unknown hackers has been infecting internet users’ computers with viruses and using them to inflate views on news videos with a pro-Russian slant, as well as some other content.

New research by the security firm Trustwave shows that victims got infected by visiting a compromised website, which installed an exploit kit (an off-the-shelf software package allowing for easy attacks) on their computer, along with a “Trojan virus.” The infected computers would then stealthily rack up views on the videos. As Motherboard’s Lorenzo Franceschi-Bicchierai noted:

“The videos identified by the researchers all appear to be pro-Russian, such as one from the Iranian English-language broadcaster PressTV that quotes a Russian parliament member justifying the annexation of Crimea. The goal of the operation, according to Trustwave researchers Rami Kogan and Arseny Levin, was to artificially increase the popularity of a video and make it more visible to users of the site Dailymotion.”

Trustwave experts say the suspicious videos all share the same traits: they all have a fairly high number of views (around 320,000, most of them within minutes of each other) but no social media shares or comments. By artificially inflating the clip’s popularity, the fraudsters also make the video more visible to other users of the video site. While not a new tactic, Trustwave observed that this is the first time hackers have used inflation to promote “video clips with a seemingly political agenda.”

Both Trustwave analysts and independent security researchers also told Motherboard that using malware for political aims was new, but that such “invisible propaganda” could be very effective, as only its results were visible, but not the fraudulent mechanisms behind them. “We have seen hacks that are motivated by money and other ‘hacktivist’ attacks that are motivated by politics,” Karl Sigler, the threat intelligence manager at Trustwave, told the site. “This current campaign shows that those two motivations are starting to evolve and blend together.”

While it is unclear who is behind the campaign, Trustware experts speculate that those who spread the exploit kit and the malware simply aimed to make money, and that someone else paid them to add fake views to pro-Russian propaganda videos.