Unencrypted YouTube video streams can be filled with malicious code, which will allow the hacker to gain control over the computer, smartphone, or other device, unbeknownst to the user.
Hackers sometimes set their sights on a specific target. When this person is targeted, the hacker finds a way to physically access their device. YouTube videos are one way in which hackers can physically access the smartphone or another Android device of a targeted victim. A hacker can simply insert malicious code into an unencrypted YouTube video that the victim may watch and, when watched, the code makes its way onto the device of the victim.
This allows the hacker to gain access to all of the information on the device. Mangled voice commands hidden in YouTube videos can be used as a manner in which to insert the malicious code.
Devices that execute voice commands can pick up on these mangled commands and execute them. The mangled command typically works by instructing the device to download and install malware. The victim of this type of attack may have all of his or her data that is kept on the device compromised.
The good news is that this type of hacking attack is complicated and is usually directed at specific targets. Thus, the ordinary YouTube video watcher does not have to worry about being hacked in this nature, at least not until the hacking technology is improved.
Hopefully, YouTube will find a way to improve upon the security of its videos by then. The threat name is "GetCodec. See the scanned trojan here. Many anti-malware vendors now have added detection by looking for the URL signatures inside media type files. Always keep your media player software up-to-date to avoid vulnerabilities. For more information, please contact one of our critical infrastructure cybersecurity experts. Users who follow an e-mail pointing them to one of the pages would see an error message that claims the video they want won't play without installing new software first.
That error message includes a link the hacker has provided to a malicious program, which delivers a virus. Even worse: once the computer is infected, it's simple for the hacker to silently redirect the victims to a real YouTube page to see videos they were hoping to see — and hide the crime.
The tactic itself isn't new: There's a constant push by criminals to build more convincing spoofs of legitimate sites to trick people into downloading harmful software. And the latest attacks don't target any vulnerability in the YouTube site.
0コメント