“It has the classic-looking square box that you're about to view a YouTube video but you get a pop-up that you're missing a component to view the video,” Ryan Sherstobitoff, chief corporate evangelist at Panda Security, told SCMagazineUS.com.
But when users attempt to install the missing plug-in – a missing Flash codec, for example – they are instead hit with a piece of malware, he said.
That malware can take the form of worms, trojans, viruses or adware, according to a PandaLabs blog post.
But Sherstobitoff said he is betting the creators behind this new application – called Constructor/YFakeCreator and written in Spanish – are the same ones who were behind last month's CNN and MSNBC malware scams.
In that case, the attackers tried to dupe users into downloading a “scareware” virus that tricks people into believing their machines are infected with malware so they'll purchase an anti-virus product that doesn't work.
This is a new trend that provides a potentially easier way for thieves to pilfer money from unsuspecting individuals, Sherstobitoff said.
“A lot of people have gotten much smarter with banker trojans,” he said. “Security on banking portals makes the attacks much more difficult to achieve.”
But in the case of the rogue anti-virus product, “a direct payment is disclosed [to the malware writers],” Sherstobitoff said.
Crooks may use the new YouTube tool in conjunction with some kit that enables them to compromise a legitimate website, through which the attack is then hosted, he said. In most cases, however, they will opt to register a new website and attempt to drive traffic there through a spam campaign.
“They can entice people with shocking news to go to this YouTube page,” he said. “It looks so authentic people don't realize it's a bad page.”
Spencer Crooks, a YouTube spokesman, said he was checking into Panda's discovery.