Tech giant YouTube is becoming a new breeding ground for cybercriminals to manipulate and scam people.
Social engineering methods account for 90% of blocked threats on mobile devices. So, this means that YouTube has become a particularly attractive platform for spreading fraudulent activity through phishing campaigns, social engineering videos, and compromised channels.
According to new research from Avast, human manipulation is the most important factor behind the success of cyber threats.
Fraud tactics increase
Fraudsters often collaborate with channels with large audiences to gain trust and then spread their malware. Malware can lead to account hijacking or cookie theft, which can result in the theft of the channel. Scammers also exploit popular topics such as gaming and antivirus issues, inserting malicious links in video descriptions to download malware onto victims’ devices.
Cryptocurrency scams are also becoming increasingly common on YouTube. Capitalizing on the growing interest in cryptocurrencies, cybercriminals hijack cryptocurrency channels and run fake campaigns encouraging users to deposit funds.
Desktop threats are also important
Avast’s investigation is not limited to YouTube. Threat actors like the Lazarus Group operate in the desktop environment and run a sophisticated APT campaign targeting users in Asia. This campaign attempts to lure people with misleading job offers. An exploit using vulnerabilities in Windows drivers and endorsed by Microsoft has also been discovered.
Ransomware and RAT attacks on the rise
The first quarter of 2024 saw a slight increase in ransomware cases. LockBit ransomware was neutralized by law enforcement but quickly resurfaced and attracted attention. Researchers identified a new strain of ransomware called HomuWitch and developed decryption tools to help affected users.
Remote access trojans (RATs) also remain a significant cybersecurity threat. However, law enforcement agencies have conducted successful operations against threats such as the Warzone RAT, resulting in numerous arrests.
Mobile threats are also evolving
On mobile, worrying developments include the re-emergence of adware in the PlayStore, the emergence of auto-initiated banker-type malware such as MoqHao, and scams like GoldPickaxe that attempt to steal facial recognition biometrics. State-sponsored spyware also continues to pose a serious threat to citizens.
Avast’s research reveals that cybercriminals increasingly use popular platforms like YouTube for human manipulation and scams.
Featured image credit: Luis Villasmil / Unsplash
