Russian Hackers Hijack YouTube Channels to Broadcast Crypto Scams: Google

Search engine giant Google has made a series of claims, accusing Russian hackers of hijacking YouTube channels for malicious purposes.

Per a recent blog post shared by the Threat Analysis Group (TAG) of the American multinational company, the hackers typically deploy cookie-theft malware, which harvests the YouTuber’s passwords and browser cookie data and uploads them to the hacker’s servers.

The entire compromise begins with email correspondence proposing an advertising collaboration. Google said these hackers often impersonate an existing and established business, which lends a high level of legitimacy to the sender. Unsuspecting YouTubers who click the embedded links and visit cloned websites hosted on look-alike domains risk handing their data to the hacker.

With access to a channel, the hackers can either auction it out to the highest bidder or use it to broadcast live cryptocurrency-related scams.
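The cookie theft described above works because a stolen session cookie is accepted as proof of login without the password. One server-side mitigation is to bind each session to the client context it was issued to and revoke it the moment the same cookie is replayed from a different context. This is an added illustration, not Google's or YouTube's code; the in-memory store and the IP-prefix plus User-Agent fingerprint are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory session store: cookie value -> session record.
SESSIONS = {}


def _fingerprint(client_ip, user_agent):
    # Coarse binding (assumed fields): first two IP octets plus the User-Agent,
    # hashed so the store never keeps raw client data.
    prefix = ".".join(client_ip.split(".")[:2])
    return hashlib.sha256(f"{prefix}|{user_agent}".encode()).hexdigest()


def issue_session(user, client_ip, user_agent, ttl=3600, now=None):
    """Create a session cookie bound to the issuing client's fingerprint."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {
        "user": user,
        "fp": _fingerprint(client_ip, user_agent),
        "expires": now + ttl,
    }
    return token


def validate_session(token, client_ip, user_agent, now=None):
    """Return (user, verdict); verdict is 'ok', 'unknown', 'expired' or 'mismatch'."""
    now = time.time() if now is None else now
    rec = SESSIONS.get(token)
    if rec is None:
        return None, "unknown"
    if now > rec["expires"]:
        SESSIONS.pop(token, None)
        return None, "expired"
    if not hmac.compare_digest(rec["fp"], _fingerprint(client_ip, user_agent)):
        # Same cookie, different client context: the signature of a replayed
        # stolen cookie. Revoke it so the owner must log in (and pass 2FA) again.
        SESSIONS.pop(token, None)
        return rec["user"], "mismatch"
    return rec["user"], "ok"
```

The mismatch verdict is the event worth alerting on: it names the account whose cookie was replayed, so the owner can be notified and other sessions reviewed.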

“The actors behind this campaign, which we attribute to a group of hackers recruited in a Russian-speaking forum, lure their target with fake collaboration opportunities (typically a demo for anti-virus software, VPN, music players, photo editing, or online games), hijack their channel, then either sell it to the highest bidder or use it to broadcast cryptocurrency scams,” the TAG report detailed.

The ease with which digital currencies are adopted in fraud and cyber theft has made platforms like YouTube reluctant to allow crypto-related content, which was a source of controversy for a while. However, alongside the recent surge in phishing scams, Google said it had reduced the volume of related phishing emails on Gmail by 99.6% since May 2021.

“We blocked 1.6M messages to targets, displayed ~62K Safe Browsing phishing page warnings, blocked 2.4K files, and successfully restored ~4K accounts. With increased detection efforts, we’ve observed attackers shifting away from Gmail to other email providers (mostly email.cz, seznam.cz, post.cz, and aol.com),” the report stated.

Google added that in order “to protect our users, we have referred the below activity to the FBI for further investigation.”
