YouTube ads distribute Caphaw Banking Malware

YouTube is one of the most widely used websites for watching video. Security engineers at Bromium Labs recently found YouTube ads spreading malware from the Caphaw family: in-stream video ads redirected viewers to a malicious website hosting the Styx exploit kit. (Styx, according to the dictionary, is the river of the underworld across which Charon ferries the souls of the dead. The Styx exploit kit is a dangerous piece of malicious code that attackers illegally inject into legitimate websites without the knowledge of the site owners.) After the redirection the kit performs a drive-by download attack; in this case the exploit targeted client-side Java vulnerabilities and infected users with the Caphaw banking Trojan.

Figure: in-stream YouTube ads

Bromium found that Caphaw uses a DGA (domain generation algorithm) to locate its C&C (command-and-control) server, which appears to be hosted somewhere in Europe; the investigation is still ongoing. Bromium's security researchers have already contacted Google's security team, who are working on the issue and on preventing similar campaigns in the future. It is still unknown how many users were affected; YouTube has about 1 billion users, which may be one reason it was targeted.
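To show why a DGA matters to defenders, here is an added example (not Bromium's analysis and not Caphaw's real algorithm, which the article does not describe). It implements a constructed toy DGA that derives a fresh set of domains from a hard-coded seed and the current date, then uses the same algorithm the way a defender would once the malware has been reverse-engineered: precompute the domains for the coming days into a blocklist and match DNS query logs against it. The seed, TLD list, domain count and the log line format are all assumptions made up for this illustration.

```python
import hashlib
from datetime import date, timedelta

# Constructed toy DGA for illustration only; NOT the real Caphaw algorithm.
SEED = b"example-dga-seed"            # hypothetical hard-coded seed in the binary
TLDS = ["com", "net", "org", "info"]  # hypothetical TLD set


def generate_domains(day, count=16, length=12):
    """Derive `count` pseudo-random domains for a given calendar day.

    Because the output depends only on SEED and the date, the malware and
    anyone who has recovered the algorithm compute the same list.
    """
    domains = []
    for i in range(count):
        material = SEED + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        # Map digest bytes to lowercase letters to form the DNS label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:length])
        tld = TLDS[digest[length] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def build_blocklist(start, days_ahead):
    """Precompute every domain the DGA will produce for the next `days_ahead` days."""
    blocklist = set()
    for offset in range(days_ahead):
        blocklist.update(generate_domains(start + timedelta(days=offset)))
    return blocklist


def flag_dns_queries(log_lines, blocklist):
    """Return (client_ip, qname) pairs whose query name is on the blocklist.

    Assumed (constructed) log format: "<timestamp> <client-ip> query <qname>".
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) >= 4 and parts[2] == "query":
            qname = parts[3].rstrip(".").lower()
            if qname in blocklist:
                hits.append((parts[1], qname))
    return hits


if __name__ == "__main__":
    today = date(2014, 2, 21)
    blocklist = build_blocklist(today, days_ahead=7)
    print(f"{len(blocklist)} domains to sinkhole or block this week")
    # Constructed sample DNS log: one DGA lookup, one benign lookup.
    sample_log = [
        f"2014-02-21T10:00:01 10.0.0.5 query {generate_domains(today)[0]}.",
        "2014-02-21T10:00:02 10.0.0.6 query www.youtube.com.",
    ]
    for client, qname in flag_dns_queries(sample_log, blocklist):
        print(f"possible Caphaw C&C lookup from {client}: {qname}")
```

The practical point is the asymmetry: the infected host only needs to try each day's handful of names until one resolves, while a defender who has the algorithm can register, sinkhole or block the whole future set in advance and turn every lookup into a detection.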

Figure: Caphaw malware process (diagram by Bromium)

Some also recommend using an ad blocker to reduce exposure to this kind of malvertising. Note that an ad blocker only removes the delivery channel; since the infection relied on a Java exploit, keeping Java patched (or disabling the Java browser plugin where it is not needed) removes the vulnerability the kit actually exploited.