Poisoned YouTube ads serve Caphaw banking trojan
Recent YouTube visitors should be extra vigilant after ads on the website were found to be poisoned.
According to researchers at Bromium Labs, who blogged about the threat on Friday, YouTube’s ad network was compromised to host the Styx exploit kit.
The kit, which in recent news was pegged as compromising online retailer Hasbro.com, was leveraged to spread a nasty banking trojan, called Caphaw, to users. The Styx exploit kit spread the malware by taking advantage of a Java vulnerability (CVE-2013-2460), which was patched last year.