A new report from Google’s Threat Analysis Group (TAG) highlights an ongoing phishing campaign against YouTube content creators, which typically results in channels being compromised and sold to broadcast cryptocurrency scams.
TAG attributes the attacks to a group of hackers recruited from a Russian-language forum, who hack creators’ channels by offering fake collaboration opportunities. Once hacked, YouTube channels are either sold to the highest bidder or used to stream cryptocurrency scams:
“A large number of hacked channels were announced as real-time crypto-currency scams. In the account trading markets, the cost of captured channels ranged from $3 to $4,000 depending on the number of subscribers.”
YouTube accounts were reportedly hacked with cookie-stealing malware: fake programs configured to run on the victim’s computer undetected. TAG also reported that the hackers altered the names, profile pictures, and content of YouTube channels to mimic big tech companies or cryptocurrency exchanges.
According to Google, “the attacker broadcast a video in which he promised to give away cryptocurrency in exchange for a down payment.” As a countermeasure, the company has invested in tools to detect and block phishing emails and social engineering messages, as well as cookie theft and crypto-fraud live streams.
Through continued efforts, Google has been able to reduce the volume of phishing emails from Gmail by 99.6% since May 2021. “Through increased detection efforts, we have observed that attackers have switched from Gmail to other email service providers (mainly email.cz, seznam.cz, post.cz and aol.com),” the company added.
Google has shared the above findings with the US Federal Bureau of Investigation (FBI) for further investigation.
Related Topics: CoinMarketCap Hack: 3.1 Million User Email Addresses Leaked
The CoinMarketCap website is said to have leaked more than 3.1 million (3,117,548) user email addresses.
According to a report by Cointelegraph, Have I Been Pwned, a website dedicated to tracking cyber attacks, found the hacked email addresses being circulated and marketed online on various hacking forums.
CoinMarketCap has acknowledged a connection between the data breach and its user base, but claims that no evidence of the breach has been found on its internal servers:
“Because the data we saw does not include passwords, we believe it was most likely obtained from a different platform where users can reuse passwords across multiple sites.”