Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Malicious YouTube Pages Targeting Chrome Users

Researchers at Zscaler have discovered a fake YouTube page that is hosting malicious Chrome extensions. Such pages, as seen in the past, prey on the uninformed users with poorly patched systems to spread malware.

Researchers at Zscaler have discovered a fake YouTube page that is hosting malicious Chrome extensions. Such pages, as seen in the past, prey on the uninformed users with poorly patched systems to spread malware.

Fake YouTube pages have been leveraged by criminals for years, and often used to spread malware under the guise of video codecs. Normally, they target Internet Explorer and Firefox users.

Zscaler’s discovery of such a page targeting Google Chrome users is new. The fact that the malicious Chrome extension is hosted on the official Google Chrome store is bold, but the attacker behind this latest scheme slaps the search giant a second time by leveraging the Google URL shortening service to propagate the attack.

“It looks like the author of this malicious extension doesn’t have a high opinion of Google’s security by using Google for hosting the extension and using their URL shortener to inject the malicious JavaScript,” Zscaler’s Julien Sobrier wrote in the company’s blog.

Assuming the victim clicks on any of the adds, or the video player itself, the fake page attempts to install a Chrome extension that claims to record YouTube videos. The extension warns the user that the permissions essentially hand over complete control, but like other warnings – the attacker is counting on the fact that this heads-up will be ignored.

Fake YouTube page Installs Malware

Once installed, the ability to access Tools or Settings in Chrome is denied, and the victim’s (when the attack was fully functional) accounts on Facebook, YouTube, Last.fm, and Twitter are spammed with additional malicious links.

The attack is somewhat disabled, but parts of it are working – including the spamming of Facebook’s Timeline. It’s possible that the other three services can be targeted down the line, as the attacker needs only to acquire additional hosting.

Zscaler has more details available on their blog. It’s likely that the malicious extension was cleared for hosting on the official store, due to the fact that it complies by offering a control warning. In June 2012, Google disabled the installation of extensions for 3rd-party sites, and silent installs were given the axe later that same year.

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Cybercrime

Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.