Those cute little cat video you just watched could cost you millions. And it’s not just about cat videos – innocent videos on YouTube can be used to infect computers with dangerous malware, as revealed in the latest report by Morgan Marquis-Boire, a hacker-turned-researcher. In the report created for Citizen Lab, he described how a simple network injection tool can be used to infiltrate home computers.Such video attacks that use network injections have their own strengths and weaknesses. Other attacks like watering hole and phishing need the user to do something ‘wrong’, like clicking on an infected file or link. Network injections don’t need that. Any simple browser behavior, such as watching a funny cat video, can trigger such attacks. There is a limit, however – once the user’s computer has been infected, the infection is confined to the browser. And such network injection tools aren’t even difficult to find; they can be easily procured from companies like FinFisher and Hacking Team.

These tools, or rather appliances, are physical devices that can be stored inside ISP servers all over the world. To execute an attack, the malicious code is injected into the everyday browsing traffic. One simple way to do this is by using YouTube streams that are unencrypted. The hacker can target a user and then wait for them to watch a YouTube video. They can then intercept the traffic and replace it with their own code. This would give them complete control over the user’s device.

This method can be used for any unencrypted website that offers targeted traffic, but since YouTube is one of the most commonly visited websites, it can be an easy target for hackers. Another website that can be exploited in this way is login.live.com of Microsoft. Google and Microsoft have taken a note of this vulnerability and have encrypted all targeted traffic. This has made most videos safe; however, there are other vulnerabilities that devices from FinFisher and Hacking Team can exploit.

This can turn into a high-level problem, and companies have to take action to make sure that the Internet experience can become safe for an average user. Meanwhile, users can encrypt their files to make sure that no data can be stolen from their computers. This is not the only hacking tool that is easily available. Tools that could perform man-in-the-middle attacks have been openly available for many years. For example, the Ettercap open source tool allows the hackers to intercept and manipulate traffic on LANs. This tool was developed by Marco Valleri and Alberto Ornaghi in 2001. These two guys are the founders of Hacking Team, the same company that creates network injector devices that can infect YouTube videos.

The only thing that could prevent such attacks is encryption. With the rising number of hacking cases, there is a need for an encrypted Internet that can protect an average user from malware. Web developers need to make sure that their websites are encrypted and safe to use. Until then, users need to be wary of their online activities, including watching cat videos on YouTube.