Google warns of phishing on YouTube and sale of hijacked channels – Antivirus and Security – Tecnoblog

Google has detailed some of the hacker attacks made on YouTube channels using malware that steals victims’ passwords and cookies. According to the company, these hackers used social engineering to run phishing scams, and the work was done in exchange for 25% to 70% of the revenue obtained from cryptocurrency live streams, as happened with the Loop Infinito channel.

Google detailed in a document the hacking activity behind attacks against youtubers (Image: Leon Bublitz/Unsplash)

A note from the Google Threat Analysis Group released on Wednesday (20) explained the wave of hacker attacks against YouTube channels.

Some Brazilians have already been targeted by these intrusions: the channel Loop Infinito, which has more than 1 million subscribers, was hacked last month. In this case, the account that broke into the page was from Turkmenistan. In control of the Google account linked to the channel, the hacker ran live streams promoting the cryptocurrency Ethereum. The same happened with DJ Alok’s YouTube channel and Twitter account, where the attacker promoted a live broadcast with NFTs.

According to Google, the promotion of cryptocurrencies by attackers is a trend in attacks against youtubers. When there is no promotion of digital coins, the channel runs the risk of being sold in a parallel auction run by the attacker.

Most hackers were recruited on a Russian forum

Most of the attackers recruited to steal YouTube channels come from a Russian internet forum. The main tactic is to lure the victim into a supposed collaboration on their channel, such as a sponsorship opportunity, after which the hacker hijacks the youtuber’s page.

Most offer partnerships for youtubers to test anti-virus, VPNs, music players, photo editing software or online games.

As most of Google’s software has been holding hackers off, attackers have increasingly resorted to social engineering tactics: these are landing pages or social network accounts used to infect a victim’s computer with malware. In addition, scammers also resort to more conventional tactics such as email phishing.

Sites even disguised themselves as news portals related to the pandemic (Image: Google/Disclosure)

Google has identified around 1,011 domains created to spread malware to youtubers. Approximately 15,000 accounts have been created for the email phishing campaign, with links to Google Drive and PDF files.

Scammers have migrated to WhatsApp and Telegram, says Google

As Google detects and tags emails with suspicious phishing links, the company says that hackers have migrated to private messengers such as WhatsApp, Telegram or Discord to continue the scams.

As for the malware used by hackers to break into YouTube channels, Google says that each tool steals cookies from victims’ browsers. Then the browsing history is downloaded by the attacker. The problem with most of this malware is that it runs silently, without the user’s knowledge.

“Most malware was able to steal both passwords and cookies. Some samples had anti-sandboxing tactics, including mega files, encrypted attachments and IP masks,” said Ashley Shen, a Google engineer.

Most hackers were promised a reward of 25% to 70% of the revenue earned by selling the channel or from cryptocurrency live streams. Google made a table of the requirements of each proposal made by hackers:

| | Cheap sponsorship | Expensive sponsorship |
|---|---|---|
| Job description | Register a new Gmail account; send the registered account to the attacker; use social engineering to make victim download malware | Search and collect YouTube channel contact email; register a new Gmail account; send the registered account to the attacker; prepare and send personalized phishing emails to victims; use social engineering to target malware downloads; “And everything else besides” |
| Revenue sharing | 25% of the revenue from the hijacked YouTube channel | 70% of the revenue from the hijacked YouTube channel |

Table of services used by recruiters

According to Google, the sale of hijacked YouTube channels could yield a profit of up to $4,000. For smaller channels, the sale could net only $30. The more subscribers on the channel, the higher the price.

In addition to sharing the information with the public, the company claims to have forwarded the report to the FBI for further investigation into the matter.

With information: Google
