The Google Threat Analysis Group (TAG) released a report detailing an ongoing phishing campaign targeting YouTube creators. Hijacked channels were either sold to the highest bidder or used to broadcast cryptocurrency scams.
According to a Google update, the perpetrators of this campaign could be a group of hackers recruited on a Russian-speaking forum. The update continued:
“The actors behind this campaign, which we attribute to a group of hackers recruited in a Russian-speaking forum, entice their target with phony collaboration opportunities (typically a demo for anti-virus software, VPN, music players, photo editing, or online games), hijack their channel, and either sell it to the highest bidder or use it to broadcast cryptocurrency scams.”
A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming, according to the team. However, streaming of cryptocurrency scams is not a new phenomenon on the platform. Crypto scams and account takeovers have been going on for quite some time.
Indeed, even during this period, a large number of hijacked channels were used to promote crypto scams.
“Many hijacked channels have been rebranded for cryptocurrency scam live-streaming. The cost of hijacked channels on account-trading markets ranged from $3 USD to $4,000 USD, depending on the number of subscribers.”
Phishing has proven to be the most difficult attack both to carry out and to defend against. The attackers offered to collaborate by sending YouTube creators an email that appeared to come from a VPN, photo editing app, or similar service.
Once the creator had agreed to showcase the product in exchange for a fee, the link offered to download the product directed the creator to a malware landing page rather than to the actual product.
As a quick fix, Google discovered over 1,000 domains and invested in tools to detect and block phishing and social engineering emails, cookie theft hijacking, and crypto-scam live streams. Since May 2021, it has reduced the volume of Gmail phishing emails by 99.6 percent.
“As detection efforts have increased, we’ve observed attackers shifting away from Gmail and toward other email providers (mostly email.cz, seznam.cz, post.cz, and aol.com).”
This information was shared with the United States Federal Bureau of Investigation (FBI) for investigation.
According to reports, on Saturday, nearly 3.1 million user email addresses associated with CoinMarketCap (CMC) accounts were traded on hacking forums. According to Have I Been Pwned, CMC was the victim of a hack and confirmed the list of leaked user accounts.
It was stated,
“CoinMarketCap has become aware that batches of data purporting to be a list of user accounts have appeared online. While the data lists we’ve seen contain only email addresses, we’ve discovered a link to our subscriber base.”
The company stated that the hackers did not obtain any passwords, but they have yet to determine the exact cause of the hack.
In light of an active spot market and rising scams, it appears that the crypto slogan “do your own research” is once again applicable.