People are selling phishing attacks on YouTube that have backdoors in them

[Batu69]

Seriously, you cannot trust anyone these days

SECURITY COMPANY Proofpoint has discovered that some bastard blaggards are using the medium of Youtube to sell phishing software to people, and then exploiting those people.

 

It makes you wonder if you can trust anyone these days? If you cannot trust someone who sells something that is designed to steal from people not to steal from you, who can you trust not to steal from you? In the short term, let's assume that we can trust Proofpoint.

 

Proofpoint is pretty upset about its discovery and disappointed to see old hacking techniques making their way onto cats jumping onto things and monkeys sniffing things site YouTube. We guess we should all share its disappointment. Even those of us that have neither sought nor bought a phishing kit on the internet.

 

"Like most other businesses, cybercriminals look for ways to market and distribute their tools effectively while staying under the radar of law enforcement and the security community. Recently, Proofpoint researchers have observed scammers distributing phishing templates and kits via YouTube, complete with how-to videos and links in the video descriptions to the software. In fact, this practice appears to be quite widespread. A simple search for "paypal scama" returns over 114,000 results," said the firm.

 

"There's a catch, though, for criminals downloading the software: a backdoor sends the phished information back to the author. While backdoors on these templates aren't new, the use of YouTube to advertise and distribute them is a new trend."

 

It is not that new though, Proofpoint says that some of the videos have been on YouTube for a few months now, and that this suggests that Youtube does not have anything that automatically scans for this kind of caper.

 

The last laugh is on the original poster because ultimately everything comes back to him, or her. The victims are the victims that have fallen foul of schemes to rob them via Amazon and eBay and other online merchants. Obviously.

 

"Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links. They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software," concludes Proofpoint.

 

"At the same time, the old adage of ‘honor among thieves' should be taken with a grain of salt, since multiple samples revealed authors including backdoors to harvest phished credentials even after new phishing actors purchased the templates for use in their own campaigns. The real losers in these transactions, though, are the victims who have their credentials stolen by multiple actors every time the kits are used."

 

Article source