Banking Malware Dispensed via YouTube Ads
Over one billion active viewers watch YouTube for over 6 billion hours every month, according to recent YouTube statistics. While viewing videos, many users have to wait 5 seconds for an ad to play before the desired video starts, or may receive a pop-up ad in the middle of the video. While advertisements are a great source of revenue for YouTube artists, the YouTube ad network was recently hijacked to serve rogue ads.
A recent study from Bromium found that YouTube in-stream ads were redirecting users to a rogue website serving the Styx Exploit Kit. The exploit kit relies on a Java vulnerability and performs a drive-by attack in the browser, exploiting and initially infecting the computer. Users who began watching streamed ads were redirected to the rogue advertisement, which served up the Caphaw Banking Trojan. The Caphaw Banking Trojan is not new and has been around for some time.
The exploit has since been removed from YouTube, and Google has notified users that it is taking any security precautions needed. Google told The Hacker News:
“We don’t yet know the exact bypass which the attackers used to evade Google’s internal advertisement security checks. Google has informed us that they’re conducting a full investigation of this abuse and will take appropriate measures,” researchers said.
The scale of this cyber attack is unknown, and how many malicious ads were served also remains unknown. ESET and many other antivirus companies have reported on this banking malware in the past and still flag it as malicious and potentially dangerous.
The exploit the hacker(s) used to perform the drive-by attack in the browser relied on a year-old Java vulnerability, which Oracle, the Java developer, patched in the past. Users are advised to always keep Java and Adobe Flash Player up to date, and to update these programs only from their official websites.