YouTube Becomes Latest Battlefront for Phishing, Deepfakes

Personalized phishing emails with fake collaboration opportunities and compromised video descriptions linking to malware are just some of the new tricks.

YouTube has turned into a new front for malicious actors to deploy phishing, other malware, and bogus investment schemes, according to a report from researchers at security vendor Avast.
The researchers specifically homed in on
Lumma
and RedLine — especially regarding phishing, scam landing pages, and malicious software. YouTube acts as a traffic distribution system, directing users to these malicious sites and pages, supporting scams of varying severity.
In addition,
deepfake videos
are on the rise on the video platform, misleading viewers with realistic but fake people or events and spreading disinformation. Avast found multiple accounts with more than 50 million subscribers each that were compromised and hijacked to spread cryptocurrency scams reliant on deepfake videos. These videos include fake comments to deceive other viewers and contain malicious links.
Researchers observed five different ways
YouTube can be exploited
by threat actors. Personalized phishing emails to YouTube creators propose fake collaboration opportunities intended to gain the creators trust before sending malicious links. Bad actors also use compromised video descriptions containing malicious links to trick users into downloading malware. They further resort to hijacking YouTube channels and repurpose them to spread other threats, such as cryptocurrency scams.
Researchers also observed exploitation of software brands and legitimate-looking domains with fraudulent websites loaded with malware. The attackers created videos using social engineering techniques that guide users to allegedly helpful tools that are actually malware disguised.
Avast credits its own scanning capabilities with protecting more than 4 million YouTube users in 2023 and approximately 500,000 users in the first quarter of this year.
Trevor Collins, WatchGuard Network security engineer, emphasizes the importance of companies and security leaders preparing their teams and organizations for these kinds of threats.
Regular education is essential. Make people aware that there are scammers out there doing this, Collins says. In addition, train and reassure them that its OK to notify either their security team or other people within the company if theyve gotten an unusual request — for instance, to provide login credentials, move money, or go buy a bunch of gift cards — before acting on it.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
YouTube Becomes Latest Battlefront for Phishing, Deepfakes