Proofpoint researchers reveal that cyber-criminals have been using YouTube as a combined technical support desk and malware retail distribution channel.
Researchers from Proofpoint uncovered bad guys posting ‘how to’ videos showing prospective purchasers of their phishing kits how to set them up and get going. If that wasn’t bad enough, the comments section underneath contained the working download links for the phishing templates and kits.
Proofpoint says “many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links.” Which mean they remain a free and dead easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their wares. And, at the same time, adds to the pool of lowlifes putting your business at risk of getting caught up in a credentials heist.
