YouTubers’ channels hacked in cookie-stealing scam

Since at least 2019, criminal hackers have been hijacking high-profile YouTube channels in a phishing scam designed to capture their cookies.

According to a report by Google, which owns YouTube, more than 4,000 accounts were compromised, with attackers either selling the login details or using the channel to broadcast cryptocurrency scams.

The attack started with a phishing email sent to the YouTuber that appeared to be from a legitimate service offering to sponsor their content.

These included VPNs, photo editing apps and antivirus software, which are all common, and often lucrative, sponsors for YouTube channels.

It’s therefore understandable that a victim who receives an offer like this might jump at the opportunity.

Those who agreed to the offer were sent an attachment that claimed to be the product in question. However, the file in fact contained malware that infects the victim’s computer and is designed to steal cookies and passwords.

Google found more than 1,000 domains that were created to target YouTubers, although it suspects that the scale of the attack was actually much larger.

Its research uncovered 15,000 email accounts associated with the attackers and more than a million messages.

Capturing session cookies

Once the malware is on the victim’s system, it grabs specific cookies, known as “session cookies”, from their browser.

These are files that confirm that a user has successfully logged on to their account. Provided they were captured in time, criminal hackers can upload these cookies to bypass login mechanisms and access the victim’s account.

The attacker would then be able to change the user’s password, locking them out of their own account. From there, the crook could sell the login details on the dark web, with accounts being sold for up to $4,000 (about £2,900).
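The following is an added example, not code from Google's report or from YouTube. It shows why a session token on its own stands in for the password and one-time code, and how a server can revoke a token presented from a different client context and demand fresh authentication before a password change. The session store, function names, IP addresses and user agents are all constructed for illustration.

```python
import hashlib, hmac, secrets, time

SESSIONS = {}  # hypothetical in-memory session store (assumption)

def fingerprint(ip, user_agent):
    """Coarse client context recorded when the session is issued."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()

def login(user, password_ok, otp_ok, ip, user_agent):
    """Password and one-time code are checked here, and only here."""
    if not (password_ok and otp_ok):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "fp": fingerprint(ip, user_agent),
                       "reauth_at": time.time()}
    return token

def naive_authorize(token):
    """Cookie-only check: whoever presents the token is treated as the user."""
    session = SESSIONS.get(token)
    return session["user"] if session else None

def hardened_authorize(token, ip, user_agent, sensitive=False, max_age=300):
    """Return (user, decision); revoke on context change, step up if sensitive."""
    session = SESSIONS.get(token)
    if session is None:
        return None, "deny"
    if not hmac.compare_digest(session["fp"], fingerprint(ip, user_agent)):
        del SESSIONS[token]  # same token from a new context: treat as stolen
        return None, "revoked:context-changed"
    if sensitive and time.time() - session["reauth_at"] > max_age:
        return session["user"], "step-up-required"  # e.g. before password change
    return session["user"], "allow"

if __name__ == "__main__":
    # Constructed sample values (documentation IP ranges, made-up user agents).
    tok = login("creator", True, True, "203.0.113.10", "BrowserA")
    print(naive_authorize(tok))                                # accepted, no password asked
    print(hardened_authorize(tok, "203.0.113.10", "BrowserA"))
    print(hardened_authorize(tok, "198.51.100.7", "BrowserB"))
    print(naive_authorize(tok))                                # token no longer valid
```

Context binding produces false positives when a legitimate user changes network, and it does not catch a token replayed from the victim's own machine, which is why the re-authentication step before a password change is checked separately.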

When it came to high-profile accounts, though, attackers had bigger plans – using them to livestream cryptocurrency scams.

Last year, the tech leaker Jon Prosser told Motherboard that criminal hackers were able to make $10,000 (about £7,300) livestreaming a scam on his channel.

What is YouTube doing about this?

YouTube recently announced that, from 1 November 2021, it will be requiring creators to use multifactor authentication to access YouTube Studio.

This process requires users to have both their password and another piece of information – such as a one-time password sent to their phone – for them to log in.

That means that criminal hackers won’t be able to compromise accounts by stealing passwords alone.

This has been optional for a long time, but many people haven’t implemented it because it complicates the login process. However, given the risk of accounts being compromised, Google has forced people’s hands.

Don’t expect this to be a panacea, though. For one, it won’t prevent attackers from sending malware-infected attachments.

The only truly effective way to stay safe is to learn how scammers target people and spot the signs of a scam before it’s too late.

If you want to know what you should be looking out for, our Phishing Staff Awareness Training Programme contains all the guidance you need.

The 45-minute course explains how phishing attacks work, the tactics that cyber criminals use and how you can detect malicious emails.

Our content is updated quarterly to include current examples of successful attacks and the latest trends that criminals use.
