Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Phishing tackle ships data catch to net sharks

DIY-phishing code advertised YouTube have predictable by-products

A malware writer is running YouTube ads for a phishing tool they have secretly backdoored to steal victims' information.

The phishing platform is designed to trick victims into entering their Amazon account information into a passable replica of the legitimate website under the guise of a validation check.

It requires victims enter their login details, along with account data like name and address, and credit card information.

Another phishing platform by the author targeted PayPal and relieved victims of the same sets of information under the guise of account verification checks.

Proofpoint researchers analysed the platforms and found the developer had inserted hidden code that would siphon collected users' information to his own Gmail account.

They found more examples of phishing and malware being advertised on YouTube in what they suggest is likely evidence YouTube does not have an automated system for detecting and removing blackhat material.

"Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links," the researchers say.

"They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software.

"… multiple samples revealed authors including backdoors to harvest phished credentials even after new phishing actors purchased the templates for use in their own campaigns."

Distributed denial of service attack merchants have long used YouTube as an advertising platform. Multiple offerings exist including buyDDoS ads for whcih have remained online for more than two years despite the service being shut down. ®

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like