A malware writer is running YouTube ads for a phishing tool they have secretly backdoored to steal victims' information.
The phishing platform is designed to trick victims into entering their Amazon account information into a passable replica of the legitimate website under the guise of a validation check.
It requires victims to enter their login details, along with account data like name and address, and credit card information.
Another phishing platform by the author targeted PayPal and relieved victims of the same sets of information under the guise of account verification checks.
Proofpoint researchers analysed the platforms and found the developer had inserted hidden code that would siphon the information collected from users to his own Gmail account.
They found more examples of phishing and malware being advertised on YouTube in what they suggest is likely evidence YouTube does not have an automated system for detecting and removing blackhat material.
"Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links," the researchers say.
"They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software.
"… multiple samples revealed authors including backdoors to harvest phished credentials even after new phishing actors purchased the templates for use in their own campaigns."
Distributed denial of service attack merchants have long used YouTube as an advertising platform. Multiple offerings exist, including buyDDoS, ads for which have remained online for more than two years despite the service being shut down. ®