2 min read

Massive Phishing Campaign Seeks to Steal YouTube Creators Accounts

Radu CRAHMALIUC

October 22, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Massive Phishing Campaign Seeks to Steal YouTube Creators Accounts

A group of hackers recruited on a Russian-speaking forum has been running a large phishing campaign against YouTube Creators since late 2019, Google’s Threat Analysis Group (TAG) revealed in a recent blog post.

The perpetrators, seeking cash, have created over 15,000 fake accounts and 1,011 domains specifically for this operation. They send forged business emails impersonating a legitimate company and lure targets with fake collaboration opportunities that require the victim to test a fake VPN, an online game, a COVID-19 news platform, or even bogus anti-virus software.

If the target agrees to the business opportunity, they receive a fake software download URL that redirects them to a malware-laden landing page. The malware then executes, transferring both cookies and passwords from the victim to the attacker’s servers.

“While cookie theft, also known as a ’pass-the-cookie,’ is a type of attack that has been around for decades, its resurgence as a top security risk could be due to wider adoption of multi-factor authentication (MFA),” said Ashley Shen from TAG. “This compels attackers to shift their focus to social engineering tactics”

After they’re hacked, channels are rebranded for cryptocurrency scam live streams, asking for crypto donations, or sold on the dark web at prices ranging from $3 USD to $4,000 USD, depending on the subscriber base.

YouTube creators in the auto-tuning and car review community were among the first victims, as ZDnet reported in September 2019. Several high-profile influencers reported at the time that their accounts were stolen. An unsettling detail was that, at least in some cases, the attackers managed to bypass SMS-based 2FA.

While Google has pledged to do everything it can to block similar attacks, creators can take some precautions of their own.

  • Treat every business opportunity with caution -- if it’s too good to be true, it probably is
  • Double-check whether the person or company you’re talking to really exists
  • Use an antivirus solution to scan any downloaded files and software, and be extra careful with archives
  • Double-check to see if the page you’re logging on to is the real thing
  • Protect your accounts with multi-factor authentication (MFA), even if sometimes hackers use complex tools to bypass 2FA, using a hardware key or an authenticator app dramatically improves your chances of rejecting an attack

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Why you should scrutinize shipping confirmation emails this holiday season Why you should scrutinize shipping confirmation emails this holiday season
Alina BÎZGĂ

November 25, 2021

2 min read
Phishing Emails Lure Black Friday Shoppers with Fake Best Buy, Kohl’s and Ace Hardware Gift Card Giveaways Phishing Emails Lure Black Friday Shoppers with Fake Best Buy, Kohl’s and Ace Hardware Gift Card Giveaways
Alina BÎZGĂ

November 24, 2021

2 min read
Spammers use holiday scams to con shoppers out of data and money Spammers use holiday scams to con shoppers out of data and money
Alina BÎZGĂ

November 23, 2021

8 min read