Hackers have been luring unsuspecting YouTube influencers into phoney paid collaborations in order to take over their accounts. VPNs, music players, photo editing, and online gaming were among the products that the influencers were asked to advertise.
Over the last six months, Google’s Threat Analysis Group has stopped 1.6 million phishing emails offering money in exchange for product promotion and restored over 4,000 accounts, according to Google.
“You have a channel with a good overview, we will be happy to order a 30-second or 15-second preview. We can agree on a price, but within the normal range,” one of these phoney messages read.
Once the YouTuber accepted the offer, a malware landing page disguised as a software download URL was sent to them by email or as a PDF on Google Drive and, in some circumstances, through Google Docs containing the phishing links.
According to Google, the operations were carried out by Russian speakers who were hired via forums and promised up to 70% of the money from the hijacked channels.
Google has identified around 15,000 actor accounts, the majority of which were created specifically for this campaign.
“The attackers registered various domains associated with forged companies and built multiple websites for malware delivery. To date, we’ve identified at least 1,011 domains created solely for this purpose,” said Ashley Sen, a security researcher at Google.
Cookie theft is a session hijacking technique that allows attackers to gain access to user accounts by using session cookies saved in the browser. The attackers were able to seize control of the influencers’ accounts and sell them or use them for bitcoin fraud.
“The channel name, profile picture and content were all replaced with cryptocurrency branding to impersonate large tech or cryptocurrency exchange firms. The attacker live-streamed videos promising cryptocurrency giveaways in exchange for an initial contribution,” Ashley Sen further added.