YouTube has emerged as a new battleground for cybercriminals to launch phishing attacks, distribute malware, and propagate fraudulent investment schemes, according to a report from security researchers at Avast. The report sheds light on the growing threat of malicious actors exploiting the popular video platform to target unsuspecting users.
Deepfake Videos and Cryptocurrency Scams
Researchers specifically highlighted the use of Lumma and RedLine malware in phishing, scam landing pages, and malicious software distribution. YouTube acts as a traffic distribution system, directing users to these malicious sites and pages and supporting scams of varying severity.
Moreover, the report uncovered a concerning rise in deepfake videos on the platform. These realistic but fake videos mislead viewers with fabricated people or events, spreading disinformation. Avast found multiple accounts with over 50 million subscribers each that were compromised and hijacked to spread cryptocurrency scams reliant on deepfake videos. These videos feature fake comments to deceive other viewers and contain malicious links.
Exploitation Tactics on YouTube
The researchers observed five different ways YouTube can be exploited by threat actors:
- Personalized phishing emails to YouTube creators, proposing fake collaboration opportunities to gain trust before sending malicious links.
- Compromised video descriptions containing malicious links, tricking users into downloading malware.
- Hijacking YouTube channels and repurposing them to spread threats like cryptocurrency scams.
- Exploitation of software brands and legitimate-looking domains through fraudulent websites loaded with malware.
- Creating videos using social engineering techniques that guide users to allegedly helpful tools that are malware in disguise.
Protective Measures and Cybersecurity Awareness
Avast credits its scanning capabilities with protecting more than 4 million YouTube users in 2023 and approximately 500,000 users in the first quarter of this year from these threats.
Trevor Collins, a WatchGuard Network security engineer, emphasizes the importance of companies and security leaders preparing their teams and organizations for these threats. “Regular education is essential. Make people aware that there are scammers out there doing this,” Collins says. “In addition, train and reassure them that it’s OK to notify either their security team or other people within the company if they’ve gotten an unusual request — for instance, to provide login credentials, move money, or go buy a bunch of gift cards — before acting on it.”
As cybercriminals continue to exploit popular platforms like YouTube, individuals and organizations must remain vigilant, prioritize cybersecurity awareness, and implement robust security measures to protect themselves from phishing, malware, and scams.