According to Google’s Threat Analysis Group (TAG), attackers use the tried and tested social engineering tactics to trick YouTubers. They send an email pretending to be from a legitimate organization or company to their targets, offering bogus business opportunities. The attackers often offer a handsome deal to the victims for short advertisements in their YouTube videos. The company has so far identified 15,000 fake accounts used to send such phishing emails. Once the target agreed to the deal, the attackers trick them into downloading Cookie Theft malware on their computer using fake software landing pages or social media accounts. Google’s TAG team has identified at least 1,011 domains used to distribute the malware to date.
Although phishing is one of the most popular types of cyberattack, it is tough to defeat. Such assaults prey on unwary victims, tricking them into disclosing sensitive information. Attackers typically pose as representatives of a reputable entity and entice their targets with phoney partnership prospects. YouTube producers tend to be among the most vulnerable candidates for phishing assaults. Google has officially revealed the details of a large phishing effort aimed at YouTubers.
In collaboration with “YouTube, Gmail, Trust & Safety, CyberCrime Investigation Group, and Safe Browsing teams,” Google has also decreased the volume of phishing emails on Gmail by 99.6 percent during this period. But attackers are now using other email providers such as email.cz, seznam.cz, post.cz, and aol.com to send phishing emails. They are also driving victims to instant messaging apps like WhatsApp, Telegram, and Discord for further communications.
When the victim runs the fake software, attackers are able to steal their login cookies and hijack their accounts. Google says the hijacked channels are either sold to the highest bidder or used to broadcast cryptocurrency scams. Depending on the number of subscribers, the channels sell for up to as high as $4,000. Google‘s TAG team has disrupted several such “financially motivated” phishing attacks directed at YouTubers over the past couple of years. Since May this year, the company has blocked 1.6 million phishing emails, displayed around 62,000 phishing alerts, blocked 2,400 files, and successfully restored 4,000 hijacked YouTube accounts.
Google doesn’t reveal details about the attackers behind these phishing attacks. However, the company says the “hack-for-hire actors” were recruited in a Russian-speaking forum. Depending on the work, the actors get up to 70 percent of the revenue generated from the hijacked YouTube accounts. Meanwhile, for improved security, Google will mandate 2-Step-verification for all monetizing YouTube creators starting November 1st. The company also advises users to be vigilant and verify the legitimacy of emails or files received from unknown sources.