Google has published a report detailing an extensive phishing campaign targeting YouTubers, which involved around 15,000 fake accounts and over a million messages to targets.
The phishing attempts were carried out by multiple hackers, and the company says it’s recovered around 4,000 accounts since late 2019.
The attackers weren’t just trying to get the creators to put their password into a fake website, though — they were trying to infect their computer with malware that would steal their login cookies, which is a much more intensive attack than sending a link and waiting for someone to get sloppy with their passwords.
YouTube doesn’t publicly say who was recruiting the hackers, only that they were using Russian-language forums to advertise.
The campaign’s focus on YouTube accounts, instead of traditional targets like government computer systems or banks, shows how valuable gaining access to influencers’ social accounts and audiences’ attention can be.
How the Hack Is Said to Work
The hack generally worked like this: hackers reached out to the YouTubers, pretending to offer ad deals promoting a VPN, antivirus program, or other software on their channel.
If the creator agreed, they got a link that, if clicked, would infect their computer using a variety of malware programs, usually designed to steal cookies and passwords.
According to The Verge, because of the prevalence of two-factor authentication (whether through prompts, codes, or hardware keys), the cookies may have been an especially valuable target.
Hackers were after the cookies that websites use to store a user’s log-in session (these files are the reason you don’t have to re-enter your password every time you visit a site).
Even Cisco Umbrella said that, if the hackers got the YouTuber’s cookie (and were able to use it before it expired), they may have been able to take over the channel, and potentially even change passwords to lock the rightful owners out.
Of course, since YouTube accounts are tied to Google accounts, these kinds of attacks also gave hackers access to Gmail, Google Drive, Photos, and other services that were tied to that account.
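From the defender's side, the cookie reuse described above can be spotted in session logs. The sketch below is an added example, not code from Google's report or from any of the sources cited here. It flags a session that is used from a different client context than the one that completed the two-factor login, while the cookie is still valid. The log fields, action names, and 24-hour lifetime are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs):
# (timestamp, session_id, ip, user_agent, action)
EVENTS = [
    ("2021-10-01T09:00:00", "sess-A", "203.0.113.10", "Chrome/94 Windows", "login_2fa_ok"),
    ("2021-10-01T09:05:00", "sess-A", "203.0.113.10", "Chrome/94 Windows", "view_dashboard"),
    ("2021-10-01T11:30:00", "sess-A", "198.51.100.77", "Chrome/93 Linux", "view_dashboard"),
    ("2021-10-01T11:31:00", "sess-A", "198.51.100.77", "Chrome/93 Linux", "change_password"),
    ("2021-10-01T10:00:00", "sess-B", "192.0.2.5", "Firefox/92 macOS", "login_2fa_ok"),
    ("2021-10-01T10:20:00", "sess-B", "192.0.2.5", "Firefox/92 macOS", "change_password"),
    ("2021-10-03T10:00:00", "sess-B", "192.0.2.99", "Firefox/92 macOS", "view_dashboard"),
]

SESSION_LIFETIME = timedelta(hours=24)  # assumed cookie lifetime
# Hypothetical action names for account-takeover steps
SENSITIVE = {"change_password", "change_recovery_email", "transfer_ownership"}


def detect_cookie_replay(events):
    """Return alerts for sessions reused from a client context other than the
    one that completed login, while the session cookie is still valid."""
    origin = {}  # session_id -> (login_time, ip, user_agent)
    alerts = []
    # ISO 8601 timestamps sort chronologically as plain strings
    for ts, sid, ip, ua, action in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "login_2fa_ok":
            origin[sid] = (when, ip, ua)
            continue
        if sid not in origin:
            continue  # no recorded login for this session
        start, o_ip, o_ua = origin[sid]
        if when - start > SESSION_LIFETIME:
            continue  # cookie expired; the server should reject it anyway
        if (ip, ua) != (o_ip, o_ua):
            # A sensitive action from the new context is the takeover pattern
            severity = "high" if action in SENSITIVE else "medium"
            alerts.append((sid, ts, action, severity))
    return alerts
```

A change of IP address alone is common for legitimate users (mobile networks, VPNs), so in practice this signal is better used to trigger re-authentication before sensitive actions than to block outright.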
The Hackers Were Either Able To Sell the Hacked Accounts or Run Bitcoin Scams On Them
According to Google, after all that work, hackers were able to sell the accounts for anywhere from $3 to $4,000.
While that feels relatively cheap to get a YouTube account with a good number of subscribers, the numbers may be so low because the hackers wanted to hang on to accounts that they thought could really pull in money last year.
Tech leaker Jon Prosser told Motherboard that hackers were able to make $10,000 by live streaming a scam on his channel, promising to double any Bitcoins viewers sent in.