Security researchers at Proofpoint have discovered a recent campaign dedicated to selling phishing kits that come with a backdoor, which sends all the phished information back to the seller. The cyber criminals advertise this software on YouTube and promise buyers that it will help aspiring hackers launch phishing attacks against third parties. The kits do work and carry out phishing as their vendors promise, but they also include backdoors that collect the data from those attacks and send it to the seller. After examining one of the phishing kits, Proofpoint says that “When we decoded the sample, we found that the author’s Gmail address was hardcoded to receive the results of the phish every time the kit was used, regardless of who used it. In this same kit, we also found a secondary email receiving the stolen results. It is unclear if this is the same author as the first or if someone else added it and then redistributed the kit”.
However, the strangest thing is that YouTube, Google's video platform, has not yet removed these videos, even though this material has already been available on the portal for months. So YouTube doesn’t seem to feature a detection system that could help it automatically remove the links. It is noteworthy that most of the videos include tutorials or demos showing how to use the kit and contain a number of links leading to websites that have more information and details for buyers.
Moreover, Proofpoint also added that “The old adage of ‘honor among thieves’ should be taken with a grain of salt, since multiple samples revealed authors including backdoors to harvest phished credentials even after new phishing actors purchased the templates for use in their own campaigns. The real losers in these transactions, though, are the victims who have their credentials stolen by multiple actors every time the kits are used”. Although at first this may be seen as a clear attack against the attackers themselves, undoubtedly the biggest losers here are again the victims of phishing, as they are the ones who ultimately suffer the consequences of credential theft. So, for our own security, the best thing we can do is report such videos to YouTube so that they get removed.
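
The Proofpoint finding quoted above, a recipient address that only appears once the kit is decoded, suggests a triage check for responders who recover a kit from a compromised web host. The Python script below is an added example, not Proofpoint's tooling or code from any kit; it assumes the hidden text is base64 inside quoted string literals (the article does not name the encoding), and the sample file and every address in it are constructed.

```python
import base64
import binascii
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumption: encoded content sits in quoted base64 string literals of 16+ characters.
B64_LITERAL_RE = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")


def decoded_layers(text, max_depth=3):
    """Yield the text itself, then anything recovered from nested base64 literals."""
    yield text
    if max_depth == 0:
        return
    for blob in B64_LITERAL_RE.findall(text):
        try:
            inner = base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64, or not text once decoded
        yield from decoded_layers(inner, max_depth - 1)


def find_recipients(source):
    """Map each address to 'plain' (visible in the file) or 'encoded' (seen only after decoding)."""
    layers = list(decoded_layers(source))
    found = {a.lower(): "encoded" for layer in layers[1:] for a in EMAIL_RE.findall(layer)}
    found.update({a.lower(): "plain" for a in EMAIL_RE.findall(layers[0])})
    return found


def unexpected_recipients(source, known):
    """Addresses the analyst cannot attribute to the kit's visible configuration."""
    known = {k.lower() for k in known}
    return {a: where for a, where in find_recipients(source).items() if a not in known}


# Constructed sample: one visible address and one that exists only in encoded form.
_HIDDEN = base64.b64encode(b"second-inbox@example.net").decode()
SAMPLE_KIT = (
    "<?php\n"
    '$results_to = "operator@example.com";  // address the kit user is told to edit\n'
    f'$x = base64_decode("{_HIDDEN}");\n'
)

if __name__ == "__main__":
    for addr, where in unexpected_recipients(SAMPLE_KIT, {"operator@example.com"}).items():
        print(f"{addr}\t{where}")
```

Any address reported as `encoded` is worth adding to the incident record, since it identifies a second party who received the same stolen credentials.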


