A new report from Google’s Threat Analysis Group (TAG) highlights an ongoing phishing campaign against YouTube creators that typically ends with channels being compromised and then sold or used to carry cryptocurrency fraud.
TAG attributes the attacks to a group of hackers who were recruited on a Russian-speaking forum and who hijack creators’ channels by offering fake collaboration opportunities. After the hijacking, the YouTube channels are either sold to the highest bidder or used to broadcast cryptocurrency scams:
“A large number of hijacked channels have been renamed for live streaming of cryptocurrency scams. In the account trading markets, the hijacked channels ranged from $3 to $4,000, depending on the number of subscribers.”
The YouTube accounts are reportedly being hacked using cookie-stealing malware, fake software that is configured to run on a victim’s computer without being detected. TAG also reported that the hackers changed the names, profile pictures, and content of the YouTube channels to impersonate major technology firms or cryptocurrency exchanges.
According to Google, “the attacker broadcast live videos promising cryptocurrency giveaways in exchange for an initial contribution.” As a countermeasure, the company has invested in tools to detect and block phishing and social engineering emails, cookie theft, and crypto scam live streams.
Given the ongoing efforts, Google has managed to reduce the volume of Gmail phishing emails by 99.6% since May 2021. cz, post.cz and aol.com),” added the company.
Google has shared the above findings with the United States Federal Bureau of Investigation (FBI) for further investigation.
Related: CoinMarketCap hack reportedly leaks 3.1 million user email addresses
Over 3.1 million (3,117,548) user email addresses were reportedly leaked from CoinMarketCap, a crypto price-tracking website.
According to a Cointelegraph report, Have I Been Pwned, a website devoted to tracking online hacks, found the hacked email addresses being traded and sold online on various hacking forums.
CoinMarketCap confirmed that the leaked data correlates with its user base, but claims that no evidence of a hack was found on its internal servers:
“Since the data we saw does not include passwords, we assume that it is most likely from another platform where users may have reused passwords across multiple websites.”