Google's Threat Analysis Group (TAG) disclosed on Wednesday, Oct. 20, that several hacker groups have been using cookie-stealing malware to target high-profile YouTube users.
The phishing campaign is largely geared toward cryptocurrency scams, which are run from the hijacked YouTube channels.
YouTube Channels Hacked By Pass-the-Cookie Attack
According to a report by Threatpost, Google's security researchers found that the cybercriminals have been running their operations since 2019. The search engine giant also spotted several threat actors being recruited on Russian-speaking forums to carry out these attacks.
The hackers used fake ads and bogus landing pages and accounts, in addition to phishing emails, to steal users' information. Their main targets are YouTube content creators with large subscriber counts.
Some of the tools that Google observed during the campaign are Vidar, Nexus stealer, Vikro Stealer, Kantal, Grand Stealer, RedLine, and many more. Sorano and AdamantiumThief, both open-source code, were also seen in the attacks.
Once the malware was running on a victim's system, the hackers could harvest the user's data, including the victim's browser cookies, via the cookie-stealing malware.
According to TAG Security Engineer Ashley Shen, the technique has been around for many years, and with multi-factor authentication (MFA) now widespread, attackers have turned to social engineering as their way in.
Shen added that the cookie-stealing malware could lift both cookies and passwords from a user, particularly for YouTube. The team also saw anti-sandboxing methods in the recent attacks, such as download IP cloaking, enlarged files, and archive encryption.
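The reason a stolen cookie defeats MFA is that the session cookie is issued after the second factor has already been checked, so whoever presents it is treated as the authenticated user. One server-side mitigation is to bind each session to the client context it was created in and to revoke it when the same cookie shows up from a different network or browser. The following is an added illustration written for this article; it is not Google's code or any YouTube mechanism, and the `SessionStore` class, the `/24` prefix check and the constructed request sequence in `simulate()` are all assumptions made for the example.

```python
"""Detect replay of a session cookie from a different client context.

Added example (not from the article or from Google). Assumptions:
- a session is bound to the /24 network prefix and user-agent seen at login;
- a mismatch on either is treated as a likely stolen cookie: the session is
  revoked, an alert is recorded, and the user must log in (and pass MFA) again.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    ip_prefix: str   # first three octets of the login IP (a /24), e.g. "203.0.113"
    ua_hash: str     # truncated SHA-256 of the login user-agent string


class SessionStore:
    """Server-side session table keyed by an HMAC of the cookie value.

    Only the HMAC is stored, so a leaked table does not yield usable cookies.
    """

    def __init__(self, server_key: bytes) -> None:
        self._key = server_key
        self._sessions: dict[str, Session] = {}
        self.alerts: list[str] = []

    @staticmethod
    def _ip_prefix(ip: str) -> str:
        return ".".join(ip.split(".")[:3])

    @staticmethod
    def _ua_hash(user_agent: str) -> str:
        return hashlib.sha256(user_agent.encode()).hexdigest()[:16]

    def _session_id(self, cookie: str) -> str:
        return hmac.new(self._key, cookie.encode(), hashlib.sha256).hexdigest()

    def login(self, user: str, ip: str, user_agent: str) -> str:
        """Called only after password + MFA succeed; returns the cookie value."""
        cookie = secrets.token_urlsafe(32)
        self._sessions[self._session_id(cookie)] = Session(
            user, self._ip_prefix(ip), self._ua_hash(user_agent)
        )
        return cookie

    def authorize(self, cookie: str, ip: str, user_agent: str) -> str:
        """Return "ok", "reauth" (cookie replayed elsewhere) or "denied"."""
        sid = self._session_id(cookie)
        session = self._sessions.get(sid)
        if session is None:
            return "denied"
        mismatches = []
        if session.ip_prefix != self._ip_prefix(ip):
            mismatches.append("ip")
        if session.ua_hash != self._ua_hash(user_agent):
            mismatches.append("ua")
        if mismatches:
            # Same post-MFA cookie, different client context: likely pass-the-cookie.
            self.alerts.append(
                f"session for {session.user} replayed from {ip}: {','.join(mismatches)}"
            )
            del self._sessions[sid]   # revoke; owner has to log in with MFA again
            return "reauth"
        return "ok"


def simulate() -> list[str]:
    """Constructed request sequence: creator logs in, cookie is replayed, creator retries."""
    store = SessionStore(server_key=b"constructed-server-key")
    cookie = store.login("creator", "203.0.113.10", "Mozilla/5.0 (creator laptop)")
    return [
        store.authorize(cookie, "203.0.113.10", "Mozilla/5.0 (creator laptop)"),   # ok
        store.authorize(cookie, "198.51.100.7", "Mozilla/5.0 (other machine)"),     # reauth
        store.authorize(cookie, "203.0.113.10", "Mozilla/5.0 (creator laptop)"),   # denied
    ]


if __name__ == "__main__":
    print(simulate())
```

The /24 comparison instead of an exact IP match tolerates address churn behind a home or mobile NAT without letting a cookie roam to an unrelated network. The check is a detection aid rather than a guarantee: a user-agent string can be copied along with the cookie, and an attacker can route through an address near the victim, which is why the revocation and the alert matter more than the individual signal.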
Google Detects At Least 1,011 Domains and 15,000 Actor Accounts
The Google security team did not only identify the attackers recruiting on Russian forums but also counted the threat actor accounts used to keep the phishing campaign running.
The TAG researchers said that over 1,000 domains were involved in the malware distribution. In addition, 15,000 accounts were set up to infect the systems of high-profile YouTube users; they were used to send emails with malicious links to the creators' business email addresses.
In line with the cryptocurrency scams, some hijacked accounts were sold by the hackers for as little as $3. The price of a YouTube account depends on its number of subscribers, and others fetched a whopping $4,000.
Since May 2021, Shen and the security analysis group have blocked 99.6% of the campaign's malicious emails on Gmail. They have restored 2,400 files and displayed 62,000 Safe Browsing page warnings, Bleeping Computer reported.
Ransomware Attacks Targeting Windows Users
Last week, Google's VirusTotal reported that 95% of the ransomware attacks it tracked in the first half of 2021 targeted Windows users, making them by far the most common victims of the scheme.
According to the summary released by VirusTotal, over 140 countries were affected by the widespread ransomware attacks. Israel had the highest number of ransomware cases, followed by South Korea and Vietnam.
In July, Trojan malware was reportedly found in nine Google Play apps. According to the report, these applications could steal Facebook logins and passwords.
This article is owned by Tech Times. Written by Joseph Henry.