Category: YouTube

YouTube, a popular video-sharing platform owned by Google and a subsidiary of Alphabet Inc., is known for offering a vast range of content to its global audience. The platform generates revenue primarily through advertisements, allowing viewers to engage with the content by simply clicking and scrolling. However, while YouTube’s advertising model is widely recognized, the platform also faces a significant issue with cybersecurity threats lurking within the comments section below its videos.

Although a substantial portion of viewers—approximately 40% to 45%—take the time to scroll through the comments, the majority engage with the videos without ever looking at the feedback others have posted. Some viewers read the comments out of interest, while others, unfortunately, aim to profit by posting their own comments. This opens up a gateway for cybercriminals to exploit the platform for malicious activities.

A recent study conducted by cybersecurity researchers at TrendMicro highlights the rising danger posed by comments on YouTube videos. According to their findings, a significant number of comments contain phishing links or direct users to websites that host malware, such as Lumma and Vidar. These links can lead unsuspecting users to dangerous sites, putting their personal data and security at risk.

To make matters worse, some hackers are leveraging file-sharing platforms like Mega and Mediafire to distribute malware until it is detected by security systems. These sites can host harmful files that, when downloaded, infect users’ devices with malicious software.

The responsibility to protect viewers from these risks often falls on the content creators themselves. YouTube video producers, particularly in the early stages of their channels, need to vigilantly monitor and manage the comments posted beneath their videos. They should review each comment to ensure that it is free from malicious links, inappropriate content, or any other form of cyber threat. Only after careful inspection should content creators approve the comments for public viewing.

Failure to properly manage comments could result in significant consequences. If malicious content is found, Google may remove the video or suspend the channel, especially if it is discovered that the creator was complicit in allowing harmful practices for personal gain. In addition, YouTube may impose penalties, including account suspension or demonetization, for those caught engaging in activities aimed at exploiting the platform for profit.

Moreover, content creators who fail to address malicious comments risk tarnishing their reputation on the platform. This can lead to a decrease in follower engagement, a loss of likes, and even the dismissal of potential viewers. Maintaining a positive and secure environment is crucial for long-term success on YouTube, and content creators should take proactive steps to safeguard their reputation and protect their audience from cyber threats.

In conclusion, while YouTube offers a world of entertainment and educational content, its comment sections can be a breeding ground for cyberattacks if left unchecked. Content creators must remain vigilant in moderating comments to ensure that their platforms are not used to spread harmful content or exploit viewers for financial gain.

The post Cyber Threats lurking in YouTube Comments appeared first on Cybersecurity Insiders.

In today’s digital age, YouTube has become a platform where individuals, especially those between the ages of 14 and 33, are not just consuming content but actively creating it. From cooking tutorials and gaming streams to travel vlogs and tech reviews, the variety is endless. Aspiring content creators flood the platform daily with their unique videos, each hoping to attract more views, subscribers, and, ultimately, recognition in the form of YouTube’s coveted silver, gold, or platinum play buttons. For many, these achievements symbolize success and validation of their hard work. However, beneath the allure of these digital milestones lies a darker, increasingly concerning trend: a rising wave of cyber-attacks targeting YouTube content creators.

A recent report by Cloudsek has shed light on a disturbing new method cybercriminals are using to exploit YouTube influencers. These malicious actors are using phishing attacks disguised as business collaboration opportunities to distribute malware onto the devices of content creators. The attack typically comes in the form of an email offering to promote a creator’s 15-20 second video in exchange for some form of collaboration. While this may sound legitimate at first, it is merely a ploy to deliver a harmful payload of malware.

The process behind these attacks is both simple and devious. Cybercriminals craft emails that appear to be from a reputable brand or company. The emails often contain attachments in the form of documents or links, which, when clicked or opened, lead the unsuspecting recipient to a phishing site. These sites are designed to collect sensitive personal information such as bank account details, full names, addresses, and phone numbers. Once the targeted content creator or business enters their information in an attempt to claim the supposed benefits of the collaboration, the attacker gains access to their accounts, devices, and sensitive data, compromising their online security.

What makes these attacks even more dangerous is that, in some cases, the email attachments are password-protected. This step is intended to make the phishing attempt seem more legitimate and to reduce any suspicion. Additionally, the malware distributed through these emails is often obfuscated—meaning it is designed to evade detection by antivirus software and other threat monitoring systems. This makes it even more challenging for content creators to recognize and prevent the attack in time.

The consequences of falling victim to such an attack can be devastating. For many YouTube creators, the platform is not just a hobby, but a full-time profession that serves as a primary source of income. Losing access to a channel or compromising personal data could result in financial losses, reputational damage, and significant disruption to their careers. This is particularly concerning for influencers, marketing companies, and content creators who rely on their online presence to maintain their livelihoods.

Given the growing threat, it is crucial for content creators to exercise caution when responding to collaboration emails. Experts recommend double-checking the legitimacy of any unsolicited email offers by independently verifying the details. Instead of clicking on links or opening attachments, it is advisable to contact the business or promoter directly through official channels to confirm the legitimacy of the collaboration. Taking these extra precautions can help prevent a potential disaster and ensure that YouTube remains a platform for creativity and success, rather than a breeding ground for cybercrime.

In conclusion, while the pursuit of YouTube success is an exciting journey for many, it is essential to remain vigilant against the ever-evolving threats posed by cybercriminals. By staying informed, practicing good digital hygiene, and being cautious with online interactions, content creators can continue to thrive in the digital space without falling victim to malicious schemes that could jeopardize their careers.

The post Rising wave of cyber-attacks targeting YouTube content creators appeared first on Cybersecurity Insiders.

In our latest episode we discuss how a woman hid under the bed after scammers told her she was under "digital arrest", how hackers are hijacking YouTube channels through malicious sponsorship deals, and how one phone company is turning the tables on fraudsters through deepfake AI. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
Two men are accused of stealing almost a quarter of a billion dollars from one person's cryptocurrency wallet, but why on earth would they be handing out handbags to strangers? And social media comes under the spotlight once more, as we ask if you are delving into misinformation in your most private moments... All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Disney Drops Slack Following Data Breach Allegations

In July, Slack, the widely-used corporate communication platform, suffered a cyberattack that resulted in the breach of terabytes of data. Consequently, the Walt Disney Company, which utilized Slack for internal communications, has decided to discontinue its use of the platform. By early next year, Disney will transition to an alternative solution.

Hugh Johnston, Disney’s CFO, confirmed this decision to CNBC, noting that all employees will be instructed to migrate to the new platform and will receive training by the end of the year.

Hacking Group Targets UK Parliament and WHO Officials on X

In recent days, a hacking group has compromised the X (formerly Twitter) accounts of several British parliamentarians and officials from the World Health Organization (WHO). The hackers displayed a promotional banner for various cryptocurrencies on these accounts, aiming to generate illicit profits. Among those affected were Justice Secretary Shabana Mahmood, Labour MP Chris Elmore, and Carolyn Harris, all of whom have since regained control of their accounts.

Implementing multi-factor authentication could significantly reduce the risk of such breaches.

United States company hacks Indian Supreme Court

In a troubling incident, the YouTube channel of the Supreme Court of India was hacked by cybercriminals who replaced its content with promotions for XRP, a cryptocurrency developed by Ripple Labs in North America. This incident raises questions about whether it was an advertising error or a genuine hack. Since 2018, the Supreme Court has been live-streaming cases of public interest, making this breach particularly concerning. The Indian government’s cyber teams swiftly regained control of the channel within 50 minutes and are currently working to restore it and identify the attackers.

The post Top data breach news headlines trending on Google appeared first on Cybersecurity Insiders.

Creating YouTube videos has evolved from a trend into a necessity, especially for Gen-Z, who increasingly use videos as a way to express themselves and gain quick popularity. However, what happens if a YouTube account gets hacked? Fortunately, those affected can now turn to YouTube’s AI-based Hacked Channel Assistant available through the YouTube Help Center.

This tool guides users through a series of straightforward questions to help them secure their accounts. Afterward, it suggests additional security measures, such as enabling multi-factor authentication, to protect against future breaches.

Currently, this recovery tool is available only in English, but YouTube plans to expand its support to 13 other widely spoken languages by early next year.

As a part of Alphabet Inc., Google has consistently prioritized user security and continues to develop tools to help safeguard accounts. With the rise in social media hacking, YouTube’s account recovery process aims to simplify the restoration of compromised accounts for content creators.

In related news, Cristiano Ronaldo’s official YouTube channel, which garnered 1 million subscribers within 90 minutes of its launch and 10 million within 10 hours, has recently been targeted by hackers. These impersonators are deceiving fans by promoting cryptocurrency scams. To avoid falling victim, ensure you’re following the authentic UR Cristiano channel, which boasts over 28 million subscribers. This channel achieved remarkable milestones, receiving the Gold Play Button within 90 minutes and the Diamond Play Button within 8 hours of its debut. Despite these achievements, Ronaldo still has a way to go to catch up to MrBeast, who holds the top spot with over 331 million subscribers. However, Ronaldo’s global fanbase suggests he could reach this milestone within a month or so.

For reference, Ronaldo has an impressive social media presence with over 636 million followers on Instagram, 171 million on Facebook, and 112.3 million on X (formerly Twitter).

The post YouTube offers AI Chatbot assistance for hacked accounts appeared first on Cybersecurity Insiders.

In episode eight of “The AI Fix”, our hosts tackle the latest news from the world of AI and learn about two important medical breakthroughs, Mark coughs, Graham ruins “Killing me softly”, and neither shows their junk to an AI. Graham explains humour to Mark and shares a donkey story he learned from a Bulgarian, … Continue reading "The AI Fix #8: Emergence, a rancid donkey, and the world’s funniest joke"

When you’re casually browsing through YouTube channels and encounter a tempting link in the description, think twice before clicking. There’s a rising trend where these links can lead unsuspecting users straight into the jaws of malware. As the demand for game cracks surges among youngsters, cybercriminals are capitalizing on this trend to distribute malicious software.

These criminals entice users with promises of free pirated software and game cracks, but what they’re really doing is leading them into serious trouble. This tactic mirrors previous schemes seen on websites offering free access to newly released movies. By embedding malware like Vidar, Lumma Info Stealer, Aurora Malware, and StealC onto video streaming pages, cybercriminals lure users into clicking, only for them to discover malware lurking on their devices days later, after indulging in consistent pirated movie streams.

The delivery methods for malware have evolved over time, with criminals now targeting specific audiences. Initially spread through pop-up ads, the focus has shifted to embedding malicious links within content-related comments, spanning across games, movies, and now YouTube.

It’s crucial to remember that downloading pirated software, movies, songs, apps, or games is not only prohibited but also against government regulations worldwide. Engaging in these practices not only poses risks to your device but also exposes you to information-gathering malware and potential espionage.

In response, Google is actively combatting these threats by removing malicious links from channels and suspending accounts found engaging in such activities.

Furthermore, YouTube channel owners and content creators should ensure that their description tabs are free from any promotional links. Vigilance is key: carefully monitor comments to weed out spam and only approve those from genuine users. By staying cautious and informed, we can all contribute to a safer online environment.

The post YouTube being used by hackers to spread Malware appeared first on Cybersecurity Insiders.

Whenever we see a YouTube video that is informative, we tend to go through the description or ‘show more’ feature and have a habit of clicking on the links. What if the link leads us to a website that is a malware dropper?

A new report by cloud security firm CloudSEK says that there has been a 200% to 300% monthly rise in such attacks, where the videos are filled with info stealing malware.

This is being possible, as hackers are using AI programs such as Synthesia and D-ID to embed malicious links in the videos, some with the knowledge of the host and, in most cases, without the user’s knowledge.

Most of the videos pertaining to educational training, recruitment details, product reviews, gaming tutorials and movie promotional video bits are being used to spread such nasty malware, say experts.

RedLine, Racoon, Fraser, Vidar, WallPost are some of the malware that are being spread through videos having 1000s of views.

Slowly and steadily, the practice has spread to Twitter and Instagram platforms, with the practice becoming a never-ending trend.

Google, the Alphabet Inc has already an effective automated threat monitoring tools to curb such info-stealer spread. However, users generating such content should also keep a watch on their videos from time to time and find and report any such malicious links to the service provider, as soon as they are discovered.

NOTE- Product review videos such as the one describing a computer, mobile phone or something sold on Amazon often attract the attention of hackers. As they can embed malicious links diverting the viewer to info-stealing websites. Thus, better be careful with such video descriptions by avoiding clicking on such links.

 

The post YouTube becomes a heaven to malware stealers appeared first on Cybersecurity Insiders.