Is that YouTube Video Downloader browser plugin safe? Beware!

Graham Cluley
Graham Cluley
@[email protected]

Download YouTube videoA lot of people, it seems, are keen to download videos from YouTube so that they can view them without the need to be online.

Of course, YouTube doesn’t give you the option to download the movies it hosts – so it’s not an enormous surprise that all manner of tools and browser plugins have been created over the years to help you do it.

Sadly, online criminals and fraudsters are only too aware of this trend – and have created YouTube video downloading plugins for your browser which can lead to your computer being infected with malware, or help them earn money by messing with your browser’s search results or displaying irritating adverts. has published a detailed report looking at two plugins designed to let you download YouTube videos: Easy YouTube Video Downloader plugin and Best Video Downloader.

Sign up to our free newsletter.
Security news, advice, and tips.

You may see plugins like these associated with companies named Yontoo, Alactro and Sambreel. Don’t be confused – they’re all the same bunch of people.

What discovered was that the two plugins display ads on the YouTube website when it is viewed by affected PCs, a breach of YouTube’s rules. Furthermore, some of the ads displayed direct users to malware.

What’s perhaps surprising to many is that legitimate brands can often appear in these injected adverts on YouTube.

Here, for instance, is an advert from Sprint which the Easy YouTube Video Downloader plugin has injected into a YouTube page:

Sprint advert

And here are more adverts from Amazon, Toyota and Norton (yes, Norton!):

Injected adverts says that the display ad slots are being bought by premium advertisers such as Amazon Local, American Airlines, AT&T, BlackBerry, Cadillac, Domino’s, Ford, Kellogg’s, Marriott, Norton, Toyota, Sprint, Walgreens and Western Union.

The good news is that they are legitimate brands. They are probably unaware of how their adverts are appearing, having purchased slots on advertising exchange networks. But advertising slots are also being purchased by criminals, with the intention of infecting computers with malware.

Here, for instance, is a bogus security warning about Java – distributed via a malicious advert, inserted into YouTube by the Easy YouTube Video Downloader plugin.

Fake Java security warning

Your Java Version is outdated, have Security Risks. Please Update Now!

If you are tricked by the warning message, you might find yourself downloading a bogus security update for java, designed to install malware onto your computer.

Fake Java download

Google, who owns YouTube, are almost certainly doing a much better job of policing adverts on their network than the networks being used by these third-party plugins. And yet, any users who become infected are likely to blame YouTube for the problem, not realising that it was the software they installed to download videos that introduced the increased threat.

At the time of writing, the two YouTube downloading plugins mentioned by appear to have been removed from distribution. However, don’t be surprised if more pop up with different names, and bear in mind the risks that you could be taking if you trust running them on your computer.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Is that YouTube Video Downloader browser plugin safe? Beware!”

  1. the geek

    just use idm or jdownloader so much easier and hassle free

  2. Brian Cooper

    I definitely don't trust a lot of the options out there…have made some mistakes in the past by trusting the wrong software. I stick with the torch browser now because it has an embedded video grabber, and is a regular internet browser. There might be better ways of doing it, but for now I'll stick with what isn't giving me malware.

    1. Ik22 · in reply to Brian Cooper

      You can use one of the Firefox extensions at the Mozilla
      add-ons web site. Only a few malware incidents in the past few
      years, because add-ons are thoroughly reviewed.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.