A new report, shared by Google’s Threat Analysis Group (TAG), highlights an ongoing phishing campaign hacking YouTubers. After the hack, the channels are usually sold and then used for crypto scams.
Russian hackers attack YouTube accounts
TAG attributes the attacks to a group of Russian hackers, who hack YouTubers’ channels by offering false collaboration opportunities. Once hacked, the YouTube channels are sold to the highest bidder or used to livestream cryptocurrency scams:
A large number of hacked channels were used for ‘cryptocurrency scam live streaming’. In the account trading markets, the hijacked channels ranged from $3 dollars to $4,000 dollars depending on the number of subscribers.
The YouTube accounts are allegedly hacked using cookie theft malware: fake software configured to run on a victim’s computer without being detected. TAG also reported that the hackers changed the names, profile pictures and content of the YouTube channels in order to pose as big tech or crypto exchange companies.
Investing in countermeasures
According to Google, the attacker live-streamed videos promising cryptocurrency giveaways in exchange for an initial contribution. To counter all this, the company has invested in tools to detect and block phishing and social engineering emails, cookie theft hijacking and crypto-scam live streams.
Given its ongoing efforts, Google has managed to reduce the volume of Gmail phishing emails by 99.6% since May 2021. The company added:
With increased detection efforts, we’ve seen attackers shift from Gmail to other email providers. Mainly email.cz, seznam.cz, post.cz and aol.com
Google has shared the above findings with the United States Federal Bureau of Investigation (FBI) for further investigation.
More than 3.1 million (3,117,548) user email addresses have reportedly been leaked from a crypto price tracking website.
According to a Cointelegraph report citing “Have I Been Pwned,” a website dedicated to tracking online hacks, the hacked email addresses are being traded and sold online on various hacking forums.
CoinMarketCap acknowledged the correlation of the leaked data with its user base. However, the company maintains that no evidence of a hack was found on its internal servers:
Since there are no passwords included in the data we saw, we believe it most likely came from another platform where users may have reused passwords across multiple sites.