Banking Malware Distributed via YouTube Ads

At first, many antivirus products did not detect the threat.

Malvertising attacks are becoming more and more common, and it appears that not even YouTube users are safe. Security researchers from Bromium have come across a YouTube link that led users to an exploit kit website.

According to experts, cybercriminals compromised an ad network that’s used to serve advertisements on YouTube. The ad network in question hosted the Styx exploit kit.

This particular exploit kit is designed to leverage Java vulnerabilities in order to push malware onto victims’ devices. In this case, the malware being distributed is Caphaw, a threat designed to harvest banking information from victims.

The command and control server used by the cybercriminals appears to be hosted in Europe and it relies on a domain generation algorithm (DGA).

Bromium has notified Google of the attack, but so far, there are no details on how the cybercriminals have pulled this off.

