Google Threat Analysis Group has discovered a series of phishing campaigns that target YouTubers using Cookie Theft Malware. The report states that this group was able to halt these phishing campaigns successfully.
According to the report, the threat actors who launched this campaign are affiliated with a Russian-speaking forum. The threat actors lured victims into these phishing campaigns using fake collaboration opportunities.
Financially Motivated Hack
“The actors behind this campaign, which we attribute to a group of hackers recruited in a Russian-speaking forum, lure their target with fake collaboration opportunities (typically a demo for anti-virus software, VPN, music players, photo editing or online games), hijack their channel, then either sell it to the highest bidder or use it to broadcast cryptocurrency scams.”
The report stated that the discovery was made in collaboration with Gmail, YouTube, Trust and Safety and other teams working to reduce the number of phishing emails sent using Gmail. The report noted that this collaboration has reduced these phishing emails by 99.6% since May 2021.
The report stated that because phishing campaigns were being blocked on Gmail, the campaigns were shifting towards other platforms. Google further stated that its findings on this campaign were forwarded to the FBI to ensure protection for users.
Hackers Targeting YouTubers
The report also showed that the hackers were using a Cookie Theft attack, a hijacking technique that enabled the hackers to access user accounts using session cookies stored in the browser. The technique is an old one, and Google noted that its resurgence could be due to the increased use of multi-factor authentication processes.
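A stolen session cookie is presented after login has already completed, so detection has to look at where the cookie is used rather than at the login itself. The following is an added example, not code from Google's report: it flags session cookies that show up from a client different from the one that authenticated. The event fields, sample log and severity rules are assumptions made for illustration.

```python
# Added example: constructed events, hypothetical field names and severity rules.
from collections import namedtuple

Event = namedtuple("Event", "ts kind session ip user_agent")

# Constructed sample log: sess-A is replayed from a second machine, sess-B
# only moves to a new IP, sess-C changes client but re-authenticates first.
SAMPLE = [
    Event("09:00", "login_mfa", "sess-A", "198.51.100.7", "Chrome/94 Windows"),
    Event("09:05", "request",   "sess-A", "198.51.100.7", "Chrome/94 Windows"),
    Event("09:40", "request",   "sess-A", "203.0.113.50", "Chrome/93 Linux"),
    Event("09:41", "request",   "sess-A", "203.0.113.50", "Chrome/93 Linux"),
    Event("10:00", "login_mfa", "sess-B", "192.0.2.10",   "Firefox/93 macOS"),
    Event("10:30", "request",   "sess-B", "192.0.2.99",   "Firefox/93 macOS"),
    Event("11:00", "login_mfa", "sess-C", "192.0.2.20",   "Safari/15 iOS"),
    Event("11:20", "login_mfa", "sess-C", "192.0.2.21",   "Chrome/94 Windows"),
    Event("11:21", "request",   "sess-C", "192.0.2.21",   "Chrome/94 Windows"),
]

def find_replayed_sessions(events):
    """Return (ts, session, severity) for cookies used outside their login context."""
    bound = {}        # session -> (ip, user_agent) seen at the last MFA login
    reported = set()  # (session, ip, user_agent) combinations already alerted on
    alerts = []
    for ev in events:
        ctx = (ev.ip, ev.user_agent)
        if ev.kind == "login_mfa":
            bound[ev.session] = ctx  # a fresh authentication rebinds the session
            continue
        if (ev.session, *ctx) in reported:
            continue                 # one alert per new context, not per request
        if ev.session not in bound:
            severity = "high"        # cookie presented with no login on record
        elif bound[ev.session] == ctx:
            continue                 # same client that authenticated
        elif bound[ev.session][1] != ev.user_agent:
            severity = "high"        # different browser/OS holding the same cookie
        else:
            severity = "low"         # same client, new IP: roaming or VPN
        reported.add((ev.session, *ctx))
        alerts.append((ev.ts, ev.session, severity))
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE):
        print(alert)
```

A high-severity hit is a reasonable trigger for revoking the session and forcing re-authentication; low-severity hits are better kept as context, since IP changes alone are common for legitimate users.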
YouTubers use an email address that is linked to their channel for business communications. The attackers sent fake business emails impersonating a real company, asking the YouTubers to collaborate in video promotion.
The phishing email is crafted to convince the user that the company is legitimate, and even gives a glimpse of the offered services. However, once the YouTuber agrees to the deal, they are directed to a landing page containing malware. In some instances, the YouTuber receives a PDF on Google Drive containing the phishing links.
Google identified 15,000 email accounts that the threat actors had created to enable this campaign. The attackers had also registered several domains using fake documents. Google noted that around 1,011 domains were created to help the threat actors in this campaign.