
Latest phishing scam on your YouTube account.

Hackers are stealing YouTube channels and evading
two-factor authentication, but the attacks are a threat to everyone.

A phishing attempt targeting YouTube video
creators was highlighted in a recent report from Google’s Threat Analysis
department. Thousands of channels were successfully hijacked by hackers, who
either sold them or utilized them to conduct financial schemes against the
channel’s subscribers.

While Google claims to be aggressively combating
the problem and has restored many of the hijacked YouTube channels, the campaign
highlights the importance of cybersecurity procedures on YouTube and elsewhere.

How did the latest YouTube phishing scheme get off the ground?

YouTube did not say who was behind the attack, but according to the article, the campaign’s team was assembled on a Russian-language bulletin board. While we may not know who was behind it, we do know that the heists were carried out through “cookie stealing” methods.

Cookie theft attacks target the cookies a browser saves when you’re logged in, unlike phishing scams that employ false login pages, malicious links, or other ways to steal usernames, passwords, and other personal data.

Cookie theft attacks do require more effort than a typical phishing scam, and they’re only effective if the user stays logged in and doesn’t remove their cookies before the hacker can use the login cookies on their end. A stolen login session cookie, however, completely eliminates the need to log in and bypasses any additional authentication requirements such as two-factor authentication (2FA) codes, security questions, or USB security keys. This makes cookie theft attacks exceedingly dangerous, and with YouTube’s recent 2FA login requirement for all YouTube creators, cookie theft is likely one of the last viable options left to hackers.
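A defender-side illustration of the point above, added here and not taken from Google's report: because a replayed session cookie skips the login and 2FA step, a service can look for a session ID that suddenly appears from a client that never logged in. The log format, action names, session IDs, addresses and user agents are all constructed for this example.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts session action ip user_agent")

# Constructed sample log: every value below is made up for illustration.
SAMPLE_LOG = """\
2021-10-20T09:00:01Z s-1001 login_2fa_ok 198.51.100.7 Chrome/94-Windows
2021-10-20T09:05:12Z s-1001 upload_video 198.51.100.7 Chrome/94-Windows
2021-10-20T09:30:44Z s-1001 view_dashboard 198.51.100.99 Chrome/94-Windows
2021-10-20T11:02:10Z s-1001 change_recovery_email 203.0.113.50 Firefox/91-Linux
2021-10-20T11:03:00Z s-1001 rename_channel 203.0.113.50 Firefox/91-Linux
2021-10-20T10:00:00Z s-2002 login_2fa_ok 192.0.2.15 Safari/15-macOS
2021-10-20T10:10:00Z s-2002 upload_video 192.0.2.15 Safari/15-macOS
"""

def parse(log_text):
    """Turn 'ts session action ip user_agent' lines into Events, oldest first."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5:  # skip blank or malformed lines
            events.append(Event(*parts))
    return sorted(events, key=lambda e: e.ts)  # ISO-8601 UTC sorts as text

def find_replayed_sessions(events):
    """Flag requests where a session cookie is used by a client that never logged in.

    The baseline for a session is the IP and user agent seen at login (or at the
    first sighting if the login predates the log). An IP change with a known
    browser is tolerated (roaming, VPN); a new IP together with a new user
    agent is reported, since that client presented the cookie without any 2FA.
    """
    known_ips, known_agents, findings = {}, {}, []
    for e in events:
        ips = known_ips.setdefault(e.session, set())
        agents = known_agents.setdefault(e.session, set())
        if e.action.startswith("login") or not ips:
            ips.add(e.ip)
            agents.add(e.user_agent)
        elif e.ip not in ips and e.user_agent not in agents:
            findings.append((e.session, e.ts, e.action, e.ip))
        elif e.user_agent in agents:
            ips.add(e.ip)  # same browser on a new network: extend the baseline
    return findings

if __name__ == "__main__":
    for finding in find_replayed_sessions(parse(SAMPLE_LOG)):
        print("possible stolen cookie:", finding)
```

A real service would pair a hit like this with a forced re-authentication before sensitive actions such as changing the recovery email, rather than relying on the alert alone.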

A successful cookie theft, like other phishing and malware attacks, requires the user to download and install dangerous files or apps on their computer. To pull this off, hackers employed social engineering techniques to dupe victims into email-based ad

For example, several of the “partnerships” urged the YouTuber to “review” VPNs, anti-virus applications, or video games. The hackers sent malware-infected files to the YouTuber after he agreed to test the product. These files capture the user’s YouTube channel login cookies. The files were encrypted to avoid detection by anti-malware and anti-virus software, making intercepting them before they reached the user’s machine difficult.

With those cookies, the hackers could take control of the channel without ever having to know the username or password. They would utilize the hijacked channels to launch money frauds against the YouTuber’s followers, such as bogus donation drives and cryptocurrency schemes, among other things.

Smaller channels were sold to other hacking organizations for between $3 and $4,000 in certain situations.

How can you keep safe?

According to the research, Google’s staff have “decreased the volume of linked phishing emails on Gmail by 99.6% since May 2021,” blocking 1.6 million messages, over 62,000 phishing URLs, and 2,400 harmful files. It also informed the FBI about the hacker activity.

In terms of the affected channels, YouTube claims that about 4,000 accounts have been successfully restored.

That’s excellent news for people who were duped, but these figures show how widespread (and dangerous) phishing campaigns are. That’s why we always recommend enabling two-factor authentication for all of your accounts. (Now is a good time to activate it on YouTube if you haven’t already.)

This phishing campaign also demonstrates, however, that 2FA protection can be bypassed; no cybersecurity feature is 100% effective. Even so, 2FA makes it considerably more difficult for hackers to gain access in the first place, as does creating unique passwords for each account.

Our guide to spotting online scams will help you avoid the common pitfalls that allow hackers access to your devices and data. Don’t forget to scan your PC and any files you download with reputable anti-virus and anti-malware apps on a regular basis, and use the highest browsing security mode on your browser. Google’s report also lists the sites the hacker gang has used in its attacks, which you should review and add to your browser’s or anti-malware app’s block list.
