A hacker has begun selling what they claim is a zero-day exploit that will let criminals hijack control of Yahoo Mail users’ accounts. The hacker, who goes by the moniker The Hell, posted a video marketing a $700 exploit kit on the secretive Darkode cybercrime market on Monday. The video was later spotted and re-posted onto YouTube by security blogger Brian Krebs.
The exploit infects users machines via a malicious email link and reportedly targets a cross-site scripting (XSS) weakness in Yahoo.com .
TheHell claimed that when clicked the malicious link exploits a cross-site scripting bug that lets criminals steal Yahoo Mail cookies. The cookies can then reportedly be used to log into and steal control of any compromised Yahoo mail account.