Google has blocked 1.6 million phishing emails since May 2021 that were part of a malware campaign aimed at hijacking YouTube accounts and promoting cryptocurrency scams.
According to Google's Threat Analysis Group (TAG), which has been disrupting the campaign since late 2019, a network of Russian-speaking hackers has been targeting YouTubers with highly customized phishing messages and cookie-stealing malware.
The group's main goal was to take over YouTube accounts and use them to broadcast live-stream scams that promised free cryptocurrency in exchange for an initial contribution. Its other main source of revenue was selling the hijacked YouTube channels for between $3 and $4,000, depending on how many subscribers each channel had.
Since May 2021, Google reports that it has blocked 1.6 million of the targeted messages, displayed about 62,000 Safe Browsing warnings, and restored some 4,000 compromised accounts.
The phishing messages delivered malware designed to steal cookies from the victim's browser.
Although the "pass-the-cookie" attack is not new, it is very effective: it does not defeat multi-factor authentication (MFA) itself, but it works even when MFA is enabled on the account, because the session cookie is stolen only after the user has already completed both factors, a password and a smartphone prompt for example. The cookie is the proof of that completed login, so whoever presents it gets the authenticated session without ever seeing a second-factor challenge.
Once the malware runs, the stolen cookies are uploaded to the attacker's servers, handing over the account on a plate.
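Because a replayed cookie never triggers a second-factor challenge, the only server-side signal that a session has been stolen is that the client presenting it has changed. The following is an added example, not code from Google or from the article, showing the detection logic a site operator could run over its own access logs: it binds each session to the source IP and User-Agent that completed the MFA login and raises an alert when the same session ID later appears from a different client. The log lines, field names ("sid", "ip", "ua", "path") and the sessions themselves are constructed for the example; "sid" stands for a hash of the session cookie, since a real application should never log the raw cookie value.

```python
import json
from datetime import datetime, timedelta

# Constructed JSON-lines access log (not real Google/YouTube data). The first
# session ("a1f3") is hijacked: two minutes after the owner completes MFA on
# Windows Chrome, the same session id is replayed from another IP by a script.
# The second session ("b7c2") is only ever used by the client that logged in.
SAMPLE_LOG = """
{"ts": "2021-10-20T09:00:00Z", "sid": "a1f3", "ip": "203.0.113.10", "ua": "Chrome/94 Windows", "path": "/login/mfa"}
{"ts": "2021-10-20T09:00:05Z", "sid": "a1f3", "ip": "203.0.113.10", "ua": "Chrome/94 Windows", "path": "/studio"}
{"ts": "2021-10-20T09:02:30Z", "sid": "a1f3", "ip": "198.51.100.7", "ua": "python-requests/2.26", "path": "/studio/live"}
{"ts": "2021-10-20T09:03:00Z", "sid": "a1f3", "ip": "198.51.100.7", "ua": "python-requests/2.26", "path": "/settings/recovery"}
{"ts": "2021-10-20T09:10:00Z", "sid": "b7c2", "ip": "192.0.2.44", "ua": "Firefox/93 macOS", "path": "/login/mfa"}
{"ts": "2021-10-20T09:11:00Z", "sid": "b7c2", "ip": "192.0.2.44", "ua": "Firefox/93 macOS", "path": "/studio"}
"""


def parse_log(text):
    """Parse JSON-lines access log text into dicts with a datetime 'ts' field."""
    events = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def detect_cookie_replay(events, window=timedelta(hours=12)):
    """Return one alert per (session id, new client fingerprint) seen within
    `window` of the session's first request.

    The fingerprint is (source IP, User-Agent). A User-Agent change is rated
    high: a browser does not turn into a scripting client mid-session. An IP
    change alone is rated low, because a phone moving between Wi-Fi and mobile
    data legitimately changes address while keeping the same session.
    """
    origin = {}        # sid -> (first_ts, ip, ua) of the client that logged in
    reported = set()   # (sid, ip, ua) fingerprints already alerted on
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        sid = e["sid"]
        fingerprint = (e["ip"], e["ua"])
        if sid not in origin:
            # First sighting of this session: bind it to the client that
            # established it (the one that passed the MFA step).
            origin[sid] = (e["ts"], e["ip"], e["ua"])
            continue
        first_ts, ip0, ua0 = origin[sid]
        if fingerprint == (ip0, ua0) or e["ts"] - first_ts > window:
            continue
        if (sid,) + fingerprint in reported:
            continue
        reported.add((sid,) + fingerprint)
        changed = [name for name, old, new in (("ip", ip0, e["ip"]), ("ua", ua0, e["ua"])) if old != new]
        alerts.append({
            "sid": sid,
            "ts": e["ts"].isoformat(),
            "origin": {"ip": ip0, "ua": ua0},
            "seen": {"ip": e["ip"], "ua": e["ua"]},
            "changed": changed,
            "severity": "high" if "ua" in changed else "low",
            "path": e["path"],
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_cookie_replay(parse_log(SAMPLE_LOG)):
        print(json.dumps(alert, indent=2))
```

The same comparison can be enforced inline at the session layer instead of after the fact: if the fingerprint stored with the session at login does not match the request, invalidate the cookie and force a fresh MFA prompt rather than merely logging it. Either way the check only helps if the application records enough client context at login to compare against, which is the point the campaign above exploits.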
Google attributes the campaign to a hack-for-hire group recruited on a Russian-speaking forum.
The hackers lure their targets with fake business emails offering a chance to earn money from a sponsored demonstration of antivirus software, a VPN, music players, photo-editing software or online games. Once the target installs the "demo", the attackers hijack the YouTube channel and either sell it or use it to live-stream cryptocurrency scams.
Google also found 1,011 domains created to deliver the malware. The domains impersonated well-known software brands and tech sites, such as Luminar, Cisco VPN, and various games on Steam.
The company reports that the hackers run the cookie-stealing malware only intermittently to reduce the chance of it being detected by security software.