Google provides details of a phishing campaign targeting YouTube users

issued Google has released a report detailing a phishing campaign directed against users of the YouTube platform, which included about 15,000 fake accounts and more than a million messages to targets.

Phishing attempts have been carried out by several hackers, and the company says it has recovered about 4,000 accounts since late 2019.

The attackers tried to convince content creators to use the password on a fake website. They also tried to infect computers with malware that would steal login cookies.

The platform does not say publicly who was recruiting hackers. But it turns out that they were using Russian-language forums to advertise.

The campaign’s focus on YouTube accounts, rather than traditional targets such as government computer systems or banks, shows how important it is to reach influencers’ social accounts and interest audiences.

The hackers reached out to users of the platform, pretending to offer ad deals promoting a VPN, antivirus or other software across the channel.

And if the creator agrees, they get a link. If clicked, it infects your computer with a variety of malware programs that are usually designed to steal cookies and passwords.

Given the prevalence of two-factor authentication, cookies can be a particularly valuable target. The hackers were looking for the cookies that websites used to store a user’s login session. These files are the reason why you don’t have to re-enter your password every time you visit a site.

And if the hackers got hold of the YouTube cookie and were able to use it before it expired, they might be able to take over the channel, and perhaps even change the passwords to log out the actual owners.

Since YouTube accounts are linked to Google accounts, these types of attacks also give hackers access to Gmail, Google Drive, photos, and other services associated with that account.

According to the company, the hackers were able to sell the accounts for prices between $3 and $4,000.

Read also: YouTube Adds New Caption Options

Google fights phishing scams against its users

Although having a YouTube account with a good number of subscribers is relatively cheap. The numbers might be too low because the hackers wanted to hold on to the accounts they thought could bring in money.

Technology whistleblower John Prosser said last year that hackers managed to make $10,000 by streaming the scam live on his channel.

This campaign, and similar ones, may be a motivating factor in why Google announced earlier this year that it was asking YouTube creators to turn on two-step verification. This makes a password and something like a phone or security key a requirement to log in.

The company also fights hackers in other ways, as it blocks its emails and files. In addition to warning users when they visit a malicious website in Google Chrome.

But given the value that creator accounts have, criminals probably won’t be deterred from trying to get them. And ever-evolving phishing attacks may be a part of life online for the foreseeable future.

Read also: Google bans monetization for climate change denial content

Related Articles

Leave a Reply

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker