Google: Phishing Campaign Targets YouTube Creators

Published: 23/11/2024   Category: security




The attackers behind the campaign, which distributes cookie theft malware, are attributed to actors recruited in a Russian-speaking forum.



Google's Threat Analysis Group (TAG) today disclosed the details of a financially motivated phishing campaign that has targeted YouTube creators with cookie theft malware and that it has been disrupting since 2019.
Cookie theft, which TAG also describes as a pass-the-cookie attack, is a session hijacking tactic that gives an attacker access to user accounts with session cookies stored in the browser. It's a technique that has been around for years, TAG says. Its resurgence may be linked to wider adoption of multifactor authentication prompting criminals to focus on social engineering.
The attackers are attributed to a group of actors recruited in a Russian-speaking forum, TAG wrote in a blog post. They usually lure targets with an email about an advertising collaboration opportunity; for example, a demo for antivirus software, VPN, music players, photo editing, or online games. Many YouTube creators put their email address on their channel, TAG noted.
When the victim agrees to a deal, the attackers send a malware landing page disguised as a software download URL via email or a PDF on Google Drive. Researchers report the attackers registered various domains associated with fake companies and built multiple websites to deliver malware. They've identified at least 1,011 domains created for this purpose so far.
Once the fake software is run, it executes cookie-stealing malware that takes browser cookies from the victim's machine and uploads them to the attackers' command-and-control servers. Most of the malware could steal both user passwords and cookies, researchers noted. Some used anti-sandboxing techniques such as enlarged files, encrypted archives, and IP cloaking.
Some hijacked accounts were sold on account-trading markets, where they went for $3 to $4,000 USD depending on the subscriber count. Many were rebranded for cryptocurrency scam livestreaming, in which the channel name, profile picture, and content were replaced with cryptocurrency branding to spoof large tech or cryptocurrency exchange firms. Attackers livestreamed videos promising cryptocurrency giveaways in exchange for an initial contribution.
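
As an added illustration (not from TAG or the original article), the sketch below shows one way a service could flag the pass-the-cookie reuse described above: a session cookie that was issued to one client and later shows up from a different network and browser. The event fields, action names, session ids, /24 grouping and severity labels are all assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: str          # ISO 8601 timestamp (sorts correctly as a string)
    session_id: str  # opaque session cookie value
    ip: str
    user_agent: str
    action: str      # "login" or a later authenticated request

def network(ip, prefix=24):
    """Coarse network of an address, so small moves inside one network do not alert."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def detect_cookie_replay(events):
    """Return (ts, session_id, severity, reason) for requests that present a
    session cookie from a client unlike the one that logged in."""
    issued = {}   # session_id -> (network, user_agent) recorded at login
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        seen = (network(ev.ip), ev.user_agent)
        if ev.action == "login":
            issued[ev.session_id] = seen
            continue
        origin = issued.get(ev.session_id)
        if origin is None:
            alerts.append((ev.ts, ev.session_id, "high", "cookie with no recorded login"))
            continue
        net_changed = seen[0] != origin[0]
        ua_changed = seen[1] != origin[1]
        if net_changed and ua_changed:
            alerts.append((ev.ts, ev.session_id, "high", "new network and new user agent"))
        elif net_changed or ua_changed:
            alerts.append((ev.ts, ev.session_id, "low", "network or user agent changed"))
    return alerts

# Constructed sample events (documentation IP ranges, made-up session ids and actions).
SAMPLE = [
    Event("2021-10-20T09:00:00Z", "sess-A", "192.0.2.10", "Chrome/94 Windows", "login"),
    Event("2021-10-20T09:05:00Z", "sess-A", "192.0.2.44", "Chrome/94 Windows", "upload_video"),
    Event("2021-10-20T11:30:00Z", "sess-A", "203.0.113.7", "Firefox/92 Linux", "change_channel_name"),
    Event("2021-10-20T11:31:00Z", "sess-B", "198.51.100.3", "Chrome/94 macOS", "login"),
    Event("2021-10-20T11:40:00Z", "sess-B", "198.51.100.9", "Chrome/95 macOS", "view_analytics"),
]

if __name__ == "__main__":
    for alert in detect_cookie_replay(SAMPLE):
        print(alert)
```

A "high" alert is a natural point to require re-authentication before sensitive actions such as renaming a channel, since a stolen cookie carries no second factor with it.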