A new report from Google’s Threat Analysis Group (TAG) highlights an ongoing phishing campaign against YouTube content creators, which typically ends with the compromised channels being sold off or used for crypto-related fraud.
TAG attributes the attacks to a group of hackers recruited on a Russian-language forum, who hack creators’ channels by offering fake collaboration opportunities. Once hacked, YouTube channels are either sold to the highest bidder or used to stream cryptocurrency scams:
“A large number of hacked channels have been revived for direct fraud in cryptocurrency. In the account trading markets, the cost of hacked channels ranged from $3 to $4,000, depending on the number of subscribers.”
YouTube accounts are allegedly hacked using cookie-stealing malware and fake programs that are configured to run on the victim’s computer undetected. TAG also reported that the hackers altered the names, profile pictures, and content on YouTube channels to mimic large tech companies or cryptocurrency exchanges.
According to Google, “The attacker sent a live video, promising a gift of cryptocurrency in exchange for a down payment.” As a countermeasure, the company has invested in tools to detect and block phishing emails and social engineering messages, cookie theft and outright crypto fraud.
With continued efforts, Google has been able to reduce the amount of phishing in Gmail by 99.6% since May 2021. “With increased detection efforts, we have seen attackers migrate from Gmail to other email service providers (mainly email.cz, seznam.cz, mail.cz and aol.com),” the company added.
Google has shared the above findings with the US Federal Bureau of Investigation (FBI) for further investigation.
Related: CoinMarketCap hack leaked 3.1 million user email addresses
More than 3.1 million (3,117,548) user email addresses have reportedly been leaked from cryptocurrency price tracking site CoinMarketCap.
According to a Cointelegraph report, breach-tracking website Have I Been Pwned found the hacked email addresses being sold online on various hacking forums.
CoinMarketCap has acknowledged that the leaked data correlates with its user base, but claims that no evidence of a breach has been found on its internal servers:
“Because the data we saw does not include passwords, we believe it is more likely to be retrieved from another platform, as users may have reused passwords on multiple sites.”