Of course, YouTube doesn’t give you the option to download the movies it hosts – so it’s not an enormous surprise that all manner of tools and browser plugins have been created over the years to help you do it.
Sadly, online criminals and fraudsters are only too aware of this trend – and have created YouTube video downloading plugins for your browser which can lead to your computer being infected with malware, or help them earn money by messing with your browser’s search results or displaying irritating adverts.
Spider.io has published a detailed report looking at two plugins designed to let you download YouTube videos: Easy YouTube Video Downloader plugin and Best Video Downloader.
You may see plugins like these associated with companies named Yontoo, Alactro and Sambreel. Don’t be confused – they’re all the same bunch of people.
What Spider.io discovered was that the two plugins display ads on the YouTube website when it is viewed by affected PCs, a breach of YouTube’s rules. Furthermore, some of the ads displayed direct users to malware.
What’s perhaps surprising to many is that legitimate brands can often appear in these injected adverts on YouTube.
Here, for instance, is an advert from Sprint which the Easy YouTube Video Downloader plugin has injected into a YouTube page:
And here are more adverts from Amazon, Toyota and Norton (yes, Norton!):
Spider.io says that the display ad slots are being bought by premium advertisers such as Amazon Local, American Airlines, AT&T, BlackBerry, Cadillac, Domino’s, Ford, Kellogg’s, Marriott, Norton, Toyota, Sprint, Walgreens and Western Union.
The good news is that they are legitimate brands. They are probably unaware of how their adverts are appearing, having purchased slots on advertising exchange networks. But advertising slots are also being purchased by criminals, with the intention of infecting computers with malware.
Here, for instance, is a bogus security warning about Java – distributed via a malicious advert, inserted into YouTube by the Easy YouTube Video Downloader plugin.
Your Java Version is outdated, have Security Risks. Please Update Now!
If you are tricked by the warning message, you might find yourself downloading a bogus security update for java, designed to install malware onto your computer.
Google, who owns YouTube, are almost certainly doing a much better job of policing adverts on their network than the networks being used by these third-party plugins. And yet, any users who become infected are likely to blame YouTube for the problem, not realising that it was the software they installed to download videos that introduced the increased threat.
At the time of writing, the two YouTube downloading plugins mentioned by Spider.io appear to have been removed from distribution. However, don’t be surprised if more pop up with different names, and bear in mind the risks that you could be taking if you trust running them on your computer.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.