YouTube channels hacked and rebranded for live-streaming crypto scams


A new report shared by Google’s Threat Analysis Group (TAG) highlights an ongoing phishing campaign against YouTube creators, typically resulting in the compromise and sale of channels for broadcasting cryptocurrency scams.

The TAG attributes the attacks to a group of hackers recruited in a Russian-speaking forum, who hack the creator’s channel by offering fake collaboration opportunities. Once hijacked, the YouTube channels are either sold to the highest bidder or used to broadcast cryptocurrency scams:

“A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming. On account-trading markets, hijacked channels ranged from $3 USD to $4,000 USD depending on the number of subscribers.”

The YouTube accounts are reportedly being hacked using cookie theft malware, a fake software configured to run on a victim’s computer without being detected. TAG also reported that the hackers also changed the names, profile pictures and content of the YouTube channels to impersonate large tech or cryptocurrency exchange firms.

According to Google, “the attacker live-streamed videos promising cryptocurrency giveaways in exchange for an initial contribution.” The company has invested in tools to detect and block phishing and social engineering emails, cookie theft hijacking and crypto-scam live streams as a countermeasure.

Given the ongoing efforts, Google has managed to decrease the volume of Gmail phishing emails by 99.6% since May 2021. “With increased detection efforts, we’ve observed attackers shifting away from Gmail to other email providers (mostly email.cz, seznam.cz, post.cz and aol.com),” the company added.

Google has shared the above findings with the Federal Bureau of Investigation (FBI) of the United States for further investigation.

Related: CoinMarketCap hack reportedly leaks 3.1 million user email addresses

Over 3.1 million (3,117,548) user email addresses were reportedly leaked from a crypto price-tracking website, CoinMarketCap.

According to a Cointelegraph report, Have I Been Pwned, a website dedicated to tracking online hacks found the hacked email addresses being traded and sold online on various hacking forums.

CoinMarketCap acknowledged the correlation of the leaked data with their userbase but maintains that no evidence of a hack has been found on their internal servers:

“As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.”


Like it? Share with your friends!

Bicryptor

0 Comments

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube, Vimeo or Vine Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format