A new report shared by the Google Threat Analysis Team (TAG) highlights ongoing phishing campaigns targeting YouTube creators, which often result in the destruction and sale of channels that spread cryptocurrency scams.
TAG blamed the attacks on a group of hackers recruited in Russian-language forums, who break into creators' channels by offering false collaboration opportunities. Once hijacked, a YouTube channel is either sold to the highest bidder or used to spread cryptocurrency scams:
“A large number of hijacked channels have been renamed to live cryptocurrency scams. In the account trading market, the hijacked channels range from $3 to $4,000, depending on the number of subscribers.”
According to reports, the hackers took over the YouTube accounts using cookie-stealing malware, counterfeit software that is configured to run on the victim's computer without being detected. TAG also reported that the hackers changed the name, profile picture, and content of the YouTube channels to impersonate a large technology or cryptocurrency trading company.
According to Google, “the attacker’s live video promises to provide cryptocurrency in exchange for the initial contribution.” The company has invested in developing tools to detect and prevent phishing and social engineering emails, cookie theft hijacking, and cryptocurrency scam live streams as countermeasures.
In view of ongoing efforts, Google has successfully reduced the number of Gmail phishing emails by 99.6% since May 2021. cz, post.cz and aol.com),” the company added.
Google has shared the findings of the above investigation with the FBI for further investigation.
According to reports, more than 3.1 million (3,117,548) user email addresses were leaked from the cryptocurrency price tracking website CoinMarketCap.
According to a report by Cointelegraph, Have I Been Pwned, a website dedicated to tracking online hackers, found that the hacked email addresses were traded and sold on various hacker forums.
CoinMarketCap acknowledges that the leaked data is related to its user base, but insists that no evidence of hacking has been found on its internal servers:
“Since the data we saw did not contain the password, we think it is likely to come from another platform, and the user may have reused the password on multiple websites.”