Since the end of 2019, YouTube creators have fallen victim to a major phishing campaign. A group of hackers has used fake ad partnerships to trick YouTube creators into installing malware on their computers.
The goal was to hijack YouTube channels and then resell or use them for cryptocurrency scams, Google security researchers said.
Many YouTube creators list an email address on their channel so companies can contact them for collaborations. Cybercriminals take advantage of this. Posing as a company, the attackers send the creator a business-style email. These phishing messages are often almost indistinguishable from real messages. In the email, the scammers ask whether the creator wants to try certain software.
The software on offer includes, for example, online games, VPNs, demos of antivirus software, or photo editing software. When the YouTube creator agrees to the proposal, they receive a download link to a fake website. The website is indistinguishable from the real thing, so the creator has no idea that the collaboration is fake.
The files presented on the legitimate-looking websites are actually malware. When the victim executes the malware, browser cookies are stolen and forwarded to the attackers. In this way, cybercriminals gain control over users’ YouTube accounts. These YouTube channels are resold on the Internet to the highest bidder.
Google indicates that depending on the number of subscribers, a channel can bring in $4,000. Many hijacked channels are also used for scams with cryptocurrency.
Google security researchers have traced the phishing attacks to a Russian-language internet forum, where the hackers were likely recruited to carry them out. In return, the hackers were promised a share of the profits.
Cookie theft has been around for years, but this form of cybercrime is now seeing a resurgence. Google’s Threat Analysis Group indicates that this may have to do with the rise of two-step verification, which adds an extra layer of security and makes an account more difficult to hack. A stolen session cookie belongs to a session that has already been authenticated, so an attacker who uses it does not have to pass that extra check.
Over 1 million phishing messages blocked
Google says it has blocked 1.6 million phishing messages from attackers since May 2021. Through various partnerships with YouTube and Gmail, among others, Google has reduced phishing-related emails by 99.6%.
Due to the increased detection efforts, Google sees that attackers have switched from Gmail to other email providers such as email.cz, seznam.cz, post.cz and aol.com.
Google advises users to enable two-step verification to better protect themselves. It is also a good idea to run an antivirus scan on unknown software before installing it.