Security researchers have found that cyber criminals are advertising and distributing phishing kits through YouTube. These stuffs come with how-to videos and links to additional information, to wannabe hackers through YouTube. However all these advertised kits come with a secret backdoor that sends all the phished data back to the author.
“Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links. They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software”, according to the researchers.
Also the YouTube videos came with links to templates along with phishing kits. The videos themselves featured the “look and feel of the templates” and provided pointers on how to go about collecting the phished data. One such video was for an Amazon phishing template which cloned the Amazon login page. Researchers noted that this particular video also came with a Facebook link to contact the author.
However Proofpoint researchers decoded a sample of a phishing template downloaded from a link provided in a similar video and discovered that the author’s Gmail address was “hardcoded to receive the results of the phish every time the kit was used, regardless of who used it.”
It is still unclear as to how many people may have been affected by this latest phishing scam. The identity and location of the individual/individuals behind this campaign also remains unknown.