Thousands of YouTubers are hacked and their accounts usurped by the very classic method of phishing via E-mail. The goal: disseminate content related to cryptocurrency scams by reaching as many people as possible.
By the admission of , these are thousands of accounts of which are regularly hacked. Influencers are denied access to their account, or see their channel display content related to cryptocurrency scams. Sometimes hackers demand a ransom to free the account.
Taking control of an account ofis therefore not uncommon and, according to , it remains difficult to fight. Everything usually comes from a well orchestrated but, all in all, quite classic. The attacker sends his target a teaser email that appears to come from a real company wishing to enter into a commercial relationship with him. This is an email regarding a product placement, , an advertising banner …
In fact, the content of this message falls completely within the uses of this YouTuber profession. As soon as the victim clicks on the link of the message allowing access to the offer or to the software, he triggers the trap. But, since accounts are often protected by two-factor authentication, you have to be tricky.
Hackers will retrieve session cookies implanted in the victim’s browser
To prevent this authentication procedure from triggering, or any other security system refusing the connection, hackers will retrieve data.session implanted in the of the victim. No need to show any white paws thanks to these which show that your session is still active, therefore authorized.
A theft of transfer cookies to thwart protections
By autopsying these attacks, Google was able to identify a dozen tools that hackers use to steal these precious cookies. And still according to the firm, it is more than 1,000and so many pages that were designed to fool YouTubers. In addition, there are 15,000 email accounts linked to hackers. Google also explains that the takeover of YouTube accounts increased in August 2020. Influencer accounts with several hundred thousand subscribers were thus hacked and modified to broadcast scam videos on the .
To avoid these takeovers, Google says it has strengthened its teams. Security experts would have intercepted 99.6% of these e-mails fromon Gmail, with 1.6 million messages. 2,400 malicious files were also reportedly blocked. And, in total, 4,000 account restores were reportedly undertaken. But the concern is that, to bypass this surveillance, hackers are now looking for YouTubers who do not necessarily use their address. , but another service.
To get out of Googkle’s radars, they also manage to redirect victims to platforms like, , . Under these conditions, it becomes more difficult for Google to block these phishing campaigns. To limit the breakage, even if it is not unstoppable, the firm will ask from the 1is November to YouTubers to activate the and take into consideration Google’s security messages.