In a world of consistent cyberattacks on popular services, the latest YouTube scam used browser cookies to hack lots of YouTube channels and either sold them or used them to perform financial scams. The YouTube scam was highlighted by Google’s Threat Analysis group, which revealed the phishing attack targeting YouTube content creators. Google had to restore 4,000 affected accounts and blocked 62,000 phishing pages and 2,400 malicious files.
Unlike other hacks that rely on malicious links and false login pages, this attack relied on cookie theft to steal all data the users were logged in. This is a very expensive way to hack someone and requires a lot more effort; it requires the victim to stay logged in and keep the device cookies while the attack is happening.
The report says that this attack also required the hackers to send malicious files and apps on to the YouTube channel owner’s system. Similar to other malware and phishing attacks, the attackers in this case may have pretended to be partners looking for a review opportunity on their channel.
The partnerships could have been done in the guise of reviewing a VPN app, antivirus app and some games. Once the channel owner agreed, these hackers would have sent malicious links and files to the user, which upon installation may have infected the system and collected all the bowser cookie data. Cookie files usually store all login details.
These malicious files were said to be sent in an encrypted format to let them bypass antivirus and antimalware apps. Once the files or apps were installed, the hackers had easy access to all the login data. They eventually used the channel to launch other kinds of scams such as fake crypto schemes, donation campaigns, and more. Some channels were even sold to other hackers for prices going up to $4,000.
However, Google says it has done substantial work to reduce the damage and even successfully restore 4,000 affected accounts. Google says it also decreased the volume of phishing emails on Gmail by 99.6 percent since May 2021. A total of 1.6 million messages were blocked along with 62,000 phishing pages and 2,400 malicious files.
While it often becomes difficult to verify someone identity, it is always suggested to check your contact details of the sender before downloading any of their files. Additionally, having a 2-factor authentication, or 2FA verification helps in adding an extra layer of security. You at least know if there’s an unauthorised login access happening on your account.
Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.