A large number of YouTube channels have been “hijacked” over the past two years and sold or used in cryptocurrency scams. To alert channel owners on the platform to this type of fraud, Google detailed, on Wednesday (20), how the cybercriminals operate.
According to the company, the channel attacks start with a phishing email sent to the YouTuber. In the message, the attackers pretend to be a real company and propose a deal to promote a product or service on the influencer’s channel.
Believing the offer to be genuine, content creators are led to a fake page where they download a malicious file disguised as legitimate software. Once it runs on the victim’s device, the cookie- and password-stealing malware collects that information from the target’s browser.
Channels with many followers are the main targets of the campaign. Source: PxHere
With this data, cybercriminals are able to bypass the platform’s security tools, then access and steal YouTube channels. Once hijacked, the compromised accounts are used to spread phishing and fraudulent video streams that promise cryptocurrencies in exchange for an initial contribution.
The scam, which could also result in the sale of stolen channels (some profiles cost as much as $4,000), is allegedly being carried out by cybercriminals recruited on a Russian-language forum, according to the search giant. The owner of YouTube also highlighted that it has taken several measures to prevent further attacks.
With the reinforced security, Google detected more than a thousand domains created to infect YouTubers’ profiles, in addition to 15 thousand email accounts associated with the attackers. The company said it had intercepted 1.6 million messages to targets, blocked more than 2,400 malicious files and restored 4,000 accounts since May.
The report on this case by the company’s Threat Analysis Group (TAG) was forwarded to the FBI for further investigation.