Steering Cyberattacks Through YouTube Brings New Opportunities for Threat Actors

YouTube, the world’s top online video-sharing platform, keeps reaching new heights of popularity. It is loved by its users, and also by cybercriminals who use it for nefarious purposes.

Given its incredible viewership statistics, YouTube is a goldmine of opportunities for malicious actors. Moreover, because it is classified among ‘whitelisted’ domains, threat actors can exploit the streaming service to skirt traditional defense measures.

A foolproof mode for phishing

YouTube URLs and videos are often used to obfuscate malicious links and trick unsuspecting users into downloading malware payloads. Apart from this, attackers employ other techniques to target creators, such as:
  • Threat actors pilfer personal data from YouTube creators by passing them through a phishing page that then redirects to the official YouTube Creator Awards page.
  • Promoting scams by spoofing well-known personalities is an easy trick to garner viewers. In one such incident, scammers impersonated YouTube philanthropist Jimmy ‘Mr Beast’ Donaldson to promote a free PSN gift card scam to online viewers.
  • Cybercriminals deliver Microsoft SharePoint phishing pages via YouTube redirects with the aim of harvesting credentials from users.
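
Because a YouTube link passes a domain allowlist regardless of where it finally sends the user, a mail or proxy filter has to look at the destination rather than the host. The following is an added example, not taken from the original article: it unwraps YouTube redirect links offline and flags those that leave YouTube. It assumes the redirector path is `/redirect` with the target in the `q` parameter; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: redirector path "/redirect" with the target in the "q" parameter.
YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com"}
REDIRECT_PATH = "/redirect"
TARGET_PARAM = "q"

# Constructed sample URLs (hypothetical hosts under the reserved .example TLD).
SAMPLE_URLS = [
    "https://www.youtube.com/watch?v=XXXXXXXXXXX",
    "https://www.youtube.com/redirect?q=https%3A%2F%2Flogin.sharepoint-docs.example%2Fsignin",
    "https://www.youtube.com/redirect?q=https%3A%2F%2Fwww.youtube.com%2Fcreators%2F",
]


def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def _is_youtube(host):
    return host in YOUTUBE_HOSTS or host.endswith(".youtube.com")


def final_destination(url, max_hops=5):
    """Resolve nested YouTube redirect links offline; None if not a redirect link."""
    seen_redirect = False
    for _ in range(max_hops):
        parts = urlsplit(url)
        if not (_is_youtube(_host(url)) and parts.path.rstrip("/") == REDIRECT_PATH):
            return url if seen_redirect else None
        targets = parse_qs(parts.query).get(TARGET_PARAM)
        if not targets:
            return None  # redirect link with no target to inspect
        url, seen_redirect = targets[0], True
    return None  # nesting deeper than max_hops is left unresolved


def flag_external_redirects(urls):
    """Return (original, destination) pairs whose destination leaves YouTube hosts."""
    flagged = []
    for original in urls:
        dest = final_destination(original)
        if dest and urlsplit(dest).scheme in ("http", "https") and not _is_youtube(_host(dest)):
            flagged.append((original, dest))
    return flagged
```

The flagged destination, not the YouTube host, is what should be passed to reputation and allowlist checks.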

Beyond phishing

  • Cybercriminals use YouTube not just to phish user data but also to hide their malware.
  • Lately, security experts found that the Astaroth trojan used YouTube channel descriptions to hide its command and control (C2) server.
  • Likewise, the operators of the Stantinko botnet hid cryptomining malware inside YouTube video descriptions to prevent detection.

Final thoughts

YouTube as an attack vector continues to evolve. As attackers continue to raise the bar for phishing attacks through the streaming service, YouTubers should be on the lookout for such fraud schemes and report suspicious activity to the company without delay.