Hackers Hunting Hackers: Backdoor-Infected Phishing Kits for Sale on YouTube

Exterminator

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
YouTube is the most recent platform used by cybercriminals to sell and distribute their tools, but it turns out that not even hackers can trust their fellow “colleagues.”

Security company proofpoint has discovered a recent campaign that involves selling phishing kits and tools that come with a backdoor which can send back all the phished information to the seller.

Specifically, cybercriminals are selling software on YouTube, promising to help wannabe attackers launch phishing attacks. And although these kits are efficient and can indeed be used in phishing attacks, they also include backdoors that collect the phished data and send it to the seller. It’s cybercriminals hacking cybercriminals.

“When we decoded the sample, we found that the author's Gmail address was hardcoded to receive the results of the phish every time the kit was used, regardless of who used it,” proofpoint says after inspecting one of the phishing kits. “In this same kit, we also found a secondary email receiving the stolen results. It is unclear if this is the same author as the first or if someone else added it and then redistributed the kit.”

YouTube not yet removing these videos
Surprisingly, these kits have been available on YouTube for many months now, and Google’s video-sharing service doesn’t seem to feature a detection system that could help automatically remove the links.

Most of the videos include tutorials or demos, and come with links in the description that lead to websites containing more information and purchase details.

“The old adage of ‘honor among thieves’ should be taken with a grain of salt, since multiple samples revealed authors including backdoors to harvest phished credentials even after new phishing actors purchased the templates for use in their own campaigns. The real losers in these transactions, though, are the victims who have their credentials stolen by multiple actors every time the kits are used,” proofpoint concludes.

The best thing we can do when coming across such videos is to report them to YouTube because sooner or later, they’ll still be removed. And for our own security, it’s better for this to happen sooner rather than later.
Click to expand...
 
  • Like
Reactions: silversurfer, Deleted member 2913, Wave and 1 other person
You must log in or register to reply here.

Similar threads

enaph
    • +Reputation
    • Like
    • Wow
Scams & Phishing News Microsoft “Poisons” Phishing Data With Fake Creds to Catch Hackers
Replies
0
Views
1,365
Security News
enaph
enaph
vtqhtr413
    • Like
    • +Reputation
Security News Threat actors use Tycoon 2FA kits to target MS 365 and Gmail accounts
Replies
3
Views
1,368
Security News
vtqhtr413
vtqhtr413
Gandalf_The_Grey
    • Like
Malware News New Voldemort malware abuses Google Sheets to store stolen data
Replies
0
Views
2,034
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top