According to researchers at security provider Avast, YouTube has emerged as a new front for malicious actors deploying phishing, other malware, and fraudulent investment schemes.
Researchers have focused on Lumma and RedLine, noting phishing scams, scam login pages, and malware. YouTube serves as a traffic distribution system redirecting users to these malicious websites and pages, supporting various levels of scams.
Additionally, deepfake videos on the platform continue to rise, misleading viewers with realistic yet fabricated people or events and spreading false information. Avast identified multiple accounts, each with over 50 million users, compromised and hijacked for propagating cryptocurrency scams relying on deepfake videos. These videos include false reviews, deceiving viewers and containing malicious links.
Researchers observed five ways threat actors exploit YouTube. Firstly, personalized phishing emails sent to YouTube creators offering fake collaboration opportunities to gain trust and distribute malicious links. Secondly, attackers manipulate video descriptions with malicious links, tricking users into downloading malware. Thirdly, hijacking YouTube channels to repurpose them for spreading other threats like cryptocurrency scams.
Moreover, attackers leverage software brands and legitimate domains to create fraudulent websites containing malware. They use social engineering techniques to create videos enticing users to download malicious software disguised as useful tools.
3.5