YouTube content creators are being targeted with phishing malware through the application’s Share Video by Email feature to load malicious files from what appears to be a legitimate YouTube email address.
The email, which shows "[email protected]" as the sender, lures targets into opening a malicious file. The attack isn’t your basis phishing attempt that spoofs an account but rather one in which the tricksters are abusing the platforms’ sharing system, said social media content creator Kevin Breeze in a tweet.
“This is very serious. Don’t fall for it,” Breeze posted.
YouTube’s warning to users as posted in a tweet is to “be cautious & don’t download/access any file if you get this email (see below),” which includes a link to a Google Drive file. The email informs victims of a new monetization policy and new rules and tells the target that they have seven days to respond or access to their account will be restricted. Finally, the ruse is signed by “YouTube team.”
FBI Issues "Juice Jacking" Warning
Meanwhile, in a separate action, the Federal Bureau of Investigation (FBI) warned consumers to stay away from charging stations in public places because hackers have figured out how to exploit USB ports to slip malware onto mobile devices.
So-called “juice jacking,” where hackers use public chargers to infect mobile devices with malware, dates to 2021 when the Federal Communications Commission (FCC) cautioned users that “malware installed through a dirty USB port can lock a device or export personal data and passwords directly to the perpetrator. Criminals can use that information to access online accounts, lock phones or sell personal data to other bad actors.”
Now, in this instance, the Denver, Colorado FBI field office wrote in a Twitter post:
- Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.
- Carry your own charger and USB cord and use an electrical outlet instead.
In some cases, criminals have left cables plugged in at the stations to entice consumers to use the charging outlets.
More Charging Station Advice
The FBI also offers similar advice on its website for users to avoid public charging stations. Here’s what the law enforcement agency recommends:
- Be careful when connecting to a public Wi-Fi network and do not conduct any sensitive transactions, including purchases, when on a public network.
- Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports.
- Carry your own charger and USB cord and use an electrical outlet instead.
