Google provides detailed information on phishing campaigns targeting YouTube users
Google provides detailed information on phishing campaigns targeting YouTube users

Google has released a report on phishing campaigns targeting YouTube users, including about 15,000 fake accounts and more than a million messages sent to the targets.

Several hackers have made phishing attempts, and the company says it has recovered about 4,000 accounts since late 2019.

The attacker tried to trick content creators into using passwords on fake websites. They also tried to infect computers with malware that would steal login cookies.

The platform has not publicly revealed who has recruited the hackers. But it turns out that they use Russian forums to advertise.

This campaign focuses on YouTube accounts rather than traditional targets such as government IT systems or banks, demonstrating the importance of reaching influential social accounts and interested audiences.

Hackers have turned to users of the platform, claiming to run ad deals promoting VPNs, antivirus or other software on all channels.

If the creator agrees, they will get a link. If you click on it, your computer will be infected with various malware, which are usually used to steal cookies and passwords.

Due to the popularity of two-factor authentication, cookies can be a particularly attractive target. Hackers look for cookies that websites use to save user login sessions. These files are the reason why you do not need to re-enter your password every time you visit the site.

If hackers can control and use the YouTube cookie before it expires, they may be able to control the channel or even change the password to sign out of the actual owner.

Since YouTube accounts are linked to Google accounts, these types of attacks also allow hackers to access Gmail, Google Drive, photos, and other account-based services.

Depending on the company, hackers can sell these accounts for anywhere between $3,000 and $4,000.

Google has taken action against phishing scams targeting its users

Although it is relatively cheap to have a YouTube account with a large number of subscribers. These numbers may be very low because hackers want to keep accounts that they think can generate profits.

Technical whistleblower John Prosser said last year that hackers managed to make $10,000 by broadcasting the scam on his channel.

This and similar events may have been the catalyst for Google's announcement that YouTube creators were required to activate two-step verification earlier this year. This requires passwords and things like phone calls or security keys to connect.

The company also fights hackers in another way by blocking its email and files. It also warns users when they visit malicious websites in Google Chrome.

But given the value of the designer's accounts, criminals might not even try to get it. For the foreseeable future, developing phishing attacks may be a part of life online.

Previous Post Next Post