Google Unmasks Two-year-old Phishing and Malware Campaign Targeting YouTube Users
Almost two years after a wave of complaints flooded Google's support forums about YouTube accounts getting hijacked even if users had two-factor authentication enabled, Google's security team has finally tracked down the root cause of these attacks.

From a report: In a report published today, the Google Threat Analysis Group (TAG) attributed these incidents to "a group of hackers recruited in a Russian-speaking forum." TAG said the hackers operated by reaching out to victims via email with various types of business opportunities. YouTubers were typically lured with potential sponsorship deals. Victims were asked to install and test various applications and then publish a review. Apps typically used in these schemes involved antivirus software, VPN clients, music players, photo editors, PC optimizers, or online games. But unbeknownst to the targets, the hackers hid malware inside the apps.

Once the YouTube creators received and installed the demo app, the installer would drop malware on their devices, malware which would extract login credentials and authentication cookies from their browsers and send the stolen data to a remote server. The hackers would then use the authentication cookies to access a YouTuber's account -- bypassing the need to enter a two-factor authentication (2FA) token -- and move to change passwords and the account's recovery email and phone numbers. With the victims locked out of their accounts, the hackers would typically sell the hijacked YouTube channel on underground marketplaces for stolen identities.
from Slashdot https://ift.tt/3jrrhuN