A malware writer is running YouTube ads for a phishing tool they have secretly backdoored to steal victims' information.
您需要 登录 才可以下载或查看，没有帐号？立即注册
The phishing platform is designed to trick victims into entering their Amazon account information into a passable replica of the legitimate website under the guise of a validation check.
It requires victims enter their login details, along with account data like name and address, and credit card information.
Another phishing platformby the author targeted PayPal and relieved victims of the same sets of information under the guise of account verification checks.
Proofpoint researchers analysed the platforms and found the developer had inserted hidden code that would siphon collected users' information to his own Gmail account.
They found more examples of phishing and malware being advertised on YouTube in what they suggest is likely evidence YouTube does not have an automated system for detecting and removing blackhat material.
"Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links," the researchers say.
"They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software.
"… multiple samples revealed authors including backdoors to harvest phished credentials even after new phishing actors purchased the templates for use in their own campaigns."
Distributed denial of service attack merchants have long used YouTube as an advertising platform. Multiple offeringsexist including buyDDoSads for whcih have remained online for more than two years despite the service being shut down. ®
Sponsored: Customer Identity and Access Management
上一篇：[视频]央视：共享单车面临诚信考验 被用户随意停放或据为己有 ...
下一篇：正式走向线下：第一家 Google Shop 在加拿大开张了