Google’s Threat Analysis Group (TAG) highlights an ongoing phishing campaign against YouTube creators, typically resulting in the compromise and sale of channels for broadcasting cryptocurrency scams.
TAG reportedly attributes the attacks to a group of hackers recruited on a Russian-speaking forum, who hijack creators’ channels by offering fake collaboration opportunities.
Once hijacked, the YouTube channels are either sold to the highest bidder or used to broadcast cryptocurrency scams:
“A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming. On account-trading markets, hijacked channels ranged from $3 USD to $4,000 USD depending on the number of subscribers.”
The YouTube accounts are reportedly being hacked using cookie theft malware, fake software configured to run on a victim’s computer without being detected. TAG also reported that the hackers changed the names, profile pictures, and content of the YouTube channels to impersonate large tech or cryptocurrency exchange firms.
“The attacker live-streamed videos promising cryptocurrency giveaways in exchange for an initial contribution.”
The report said that, as a countermeasure, the company invested in tools to detect and block phishing and social engineering emails, cookie theft hijacking, and crypto-scam live streams. Through these ongoing efforts, Google has managed to decrease the volume of Gmail phishing emails by 99.6% since May 2021.
The company added:
“With increased detection efforts, we’ve observed attackers shifting away from Gmail to other email providers (mostly email.cz, seznam.cz, post.cz and aol.com).”
Google has shared the above findings with the Federal Bureau of Investigation (FBI) of the United States for further investigation.
Separately, over 3.1 million (3,117,548) user email addresses were reportedly leaked from a crypto price-tracking website called CoinMarketCap.