Google Details Extensive Phishing Campaign Targeting YouTubers

Google has put out a report detailing a phishing campaign directed at YouTubers, which involved around 15,000 fake accounts and over a million messages to targets. The phishing attempts were carried out by multiple hackers, and the company says it’s recovered around 4,000 accounts since late 2019.

YouTube doesn’t publicly say who was recruiting the hackers, only that they were using Russian-language forums to advertise. The campaign’s focus on YouTube accounts, instead of traditional targets like government computer systems or banks, shows how valuable gaining access to influencers’ social accounts and audiences’ attention can be.

The attackers weren’t just trying to get the creators to put their password into a fake website, though. They were trying to infect their computers with malware that would steal their login cookies, which is a much more intensive attack than sending a link and waiting for someone to get sloppy with their passwords.

The hack generally worked like this: hackers reached out to the YouTubers, pretending to offer ad deals promoting a VPN, antivirus program, or other software on their channel. If the creator agreed, they got a link that, if clicked, would infect their computer using a variety of malware programs, usually designed to steal cookies and passwords.

Because of the prevalence of two-factor authentication through prompts, codes, or hardware keys, the cookies may have been an especially valuable target. The hackers were looking at the ones that websites use to store a user’s log-in session. These files are the reason you don’t have to re-enter your password every time you visit a site.

If the hackers got the YouTube creators’ cookie and were able to use it before it expired, they may have been able to take over the channel, and potentially even change passwords to lock the rightful owners out. Of course, since YouTube accounts are tied to Google accounts, these kinds of attacks also gave hackers access to Gmail, Google Drive, Photos, and other services that were tied to that account.

According to Google, after all that work, hackers were able to sell the accounts for anywhere from $3 to $4,000. While that feels relatively cheap for a YouTube account with a good number of subscribers, the numbers may be so low because the hackers wanted to hang on to accounts that they thought could really pull in money. Last year, tech leaker Jon Prosser told Motherboard that hackers were able to make $10,000 by livestreaming a scam on his channel, promising to double any Bitcoins viewers sent in.

