Google Releases Report on Hacker Attacks on Youtube

Hackers' main target is large channels and they use cookie theft to act

Do you remember the case of hacker attacks on Youtube from Felipe neto? Remember about the case of the hijacking of the channel from youtuber angry? How do the hijackers hide or delete videos of these youtubers and broadcast cryptocurrency sales? So it looks like Google has finally figured out the source of these attacks.

The Google Threat Analysis Group shared details about a long-running phishing campaign aimed at YouTubers. The campaign, apparently carried out by hackers recruited from a Russian-language forum, uses "false collaboration opportunities" to lure YouTubers in and then hijacks their channel using a "pass-the-cookie attack" in order to sell them. it or use it to transmit – of course – cryptocurrency scams.

Hacker attacks on youtube
Google talks about attacks

How Hacker Attacks on Youtube Work

Attacks start with a phishing email offering promotional collaboration. Once the deal is closed, YouTuber receives a link to a malware page masquerading as a download URL. This is where the real action begins: when the target runs the software, it pulls cookies from their PCs and uploads them to “command and control servers” operated by the hackers.

Having these cookies, as Google explains, "allows access to user accounts with session cookies stored in the browser." This means hackers don't have to worry about stealing YouTuber login credentials, because cookies make remote sites think they're already logged in.

“Cookie theft” is actually an old digital hijacking technique that is re-emerging among unscrupulous hakcers, possibly due to the widespread adoption of security precautions that have made new hacking techniques more difficult to execute. Two-factor authentication, for example, is a common security feature on major websites today, but is ineffective against cookie theft. (but you should still use it whenever possible)

-- Advertising --

Google Actions to Stop New Attacks

"Additional security mechanisms, such as two-factor authentication, can pose considerable obstacles to attackers," said Jason Polakis, a computer scientist at the University of Illinois at Chicago, to Ars Technica. "This makes browser cookies an extremely valuable feature for them as they can avoid the additional security checks and defenses that are triggered during the login process."

A “large number” of channels hijacked in this way are rebranded as big tech companies or cryptocurrency exchanges and then begin streaming videos that promise cryptocurrency donations in exchange for an upfront payment. Those sold on per-account trading markets range from $3 to $4.000, depending on the number of subscribers the channels have.

Google Releases Report on Youtube Hacker Attacks | 62b8801f image 2021 10 18 161438 | married games news | google, hacker, pc, technology, youtube | hacker attacks on youtube

Invest in your digital security and enjoy this promotion of the best VPN

Subscribe now, save and earn
3 months free

Google said it had reduced the number of phishing emails related to these attacks by 99,6% since May 2021 and blocked about 1,6 million emails and 2.400 files sent to targets. As a result, attackers are starting to migrate to non-Gmail providers, “mostly email.cz, seznam.cz, post.cz and aol.com”. But the big challenge of cybersecurity, as always, is the human factor. Phishing emails can be extremely misleading, and once the cog wheels of the scam start to turn in this process, it can be very difficult to stop.

The promise of “something for nothing” also has a great fascination: the big twitter hack that occurred in 2020 (which actually started with a “phone phishing attack”) diverted more than $100.000 from victims in a single day, simply promising to double their Bitcoin contributions as a way to “give back to the community”. Talk to us in the comments and let us know if you liked this news and take the opportunity to read more News on our website.

-- Advertising --

Source: Ars Technica, Google Threat Analysis Group

Avatar of paulo factory

Paulo Fabris is a journalist, writer, RPG player, gamer, cosplayer, nerd and fan of anime since the time of TV Manchete.