The YouTube videos in question employ a screen recording or audio walkthrough to describe how to download and install the cracked software. To add legitimacy, threat actors use platforms such as Synthesia and D-ID to create AI-generated avatars with a face that people perceive as familiar and trustworthy. The description of these videos appears to contain links to infostealer malware such as Vidar, RedLine, and Raccoon. There has been a 200%-300% month-to-month increase in malware-infected videos. Hackers are also figuring out how to take over popular YouTube channels in order to upload videos.