Google says YouTube creators have been targeted with cookie-theft malware in phishing attacks organised by financially motivated threat actors.

  • The hackers use fake collaboration opportunities to hijack YouTube creators' channels.
  • Once they have seized a channel, the attackers either sell it to the highest bidder or use it to run a cryptocurrency scam.
  • Hijacked channels ranged in price from $3 to $4,000, depending on the number of subscribers.

Google's Threat Analysis Group (TAG) researchers first spotted the campaign in late 2019 and found that multiple hack-for-hire actors recruited via job ads on Russian-speaking forums were behind these attacks.

The threat actors used social engineering (through fake software landing pages and social media accounts) and phishing emails to infect YouTube creators with information-stealing malware, chosen based on each actor's preference.

Malware detected in the attacks includes commodity strains like RedLine, Predator The Thief, Nexus stealer, Vidar, Azorult, Raccoon, Grand Stealer, Masad, Vikro Stealer, and Kantal, as well as open-source ones like AdamantiumThief and leaked tools such as Sorano.

Once delivered to the target's systems, the malware was used to steal their credentials and browser cookies, allowing the attackers to hijack the victim's accounts in pass-the-cookie attacks.

"While the technique has been around for decades, its resurgence as a top security risk could be due to a wider adoption of multi-factor authentication (MFA) making it difficult to conduct abuse, and shifting attacker focus to social engineering tactics," said Ashley Shen, a TAG Security Engineer.

"Most of the observed malware was capable of stealing both user passwords and cookies. Some of the samples employed several anti-sandboxing techniques including enlarged files, encrypted archive and download IP cloaking."

Google also reported this malicious activity to the FBI for further investigation to protect YouTube users and creators targeted in the campaign.
