YouTube ads spread banking malware

YouTube malwareSecurity researchers at Bromium have discovered that hackers were spreading malware onto computers while unsuspecting users were watching YouTube videos.

The drive-by-download attack was distributed via adverts shown on the YouTube website, and used an exploit kit to infect Windows PCs with a version of the Caphaw banking Trojan.

According to a blog post by Bromium, the attack relied upon the exploitation of a Java vulnerability (CVE-2013-2460, patched by Oracle in mid-2013).

According to the security firm, whose vSentry technology intercepted the attack, the exploit kit used by the hackers was the same one which was recently used to infect visitors to the Hasbro toys website.

Bromium vSentry report

To its credit, Bromium worked with the Google security team over the weekend to resolve the issue on YouTube.

However, it's quite possible that some users have still had their computers infected by the malware attack, and could be having their banking credentials stolen as a result.

Once again, this incident acts as timely advice to either ensure that your installation of Java is properly updated with the latest security patches or (better) disabled entirely inside your browser.

And, of course, make sure that you have a layered defence in place to reduce the risks of malware attack.

More details of the attack, and the malware which was distributed by YouTube's ad network, can be found in Bromium's blog post.

Tags: , , , , , , , , ,

Subscribe to the free GCHQ newsletter

, , , , , , , , ,

Special offers & deals


  • PureVPN - 85% off!

    PureVPN - 85% off!

    Make sure your personal data and online activity aren't exposed. Encrypt your internet traffic and cover your tracks with PureVPN. Works with your PCs, Macs, iPhones, Androids, routers, gaming consoles, and Smart TVs. Connect up to 5 devices at once at top speeds.
  • Password Boss Premium Version - 86% off!

    Password Boss Premium Version - 86% off!

    All you need to do is remember one master password, and Password Boss will do the rest - remembering all of your different online passwords securely. Security and peace of mind.

More deals...

Leave a reply

1 Comment on "YouTube ads spread banking malware"

Notify of
avatar

Sort by:   newest | oldest | most voted
Xane M.
Visitor
Xane M.
March 13, 2015 8:13 pm

I guess this gave people a reason to use an ad blocker even if they normally don't have one…

wpDiscuz