Google’s Threat Analysis Group revealed that cybercriminals have been targeting YouTube content creators in phishing campaigns for the last two years. The bad actors often hijack their channels and either sell them back for a higher price or employ them to broadcast digital asset scams.
YouTubers, Stay Alert
In its report, Google’s team explained that some hackers recruited in a Russian-speaking forum had attacked many YouTubers with “highly customized” phishing emails and cookie-stealing malware. Some commodity malware used included RedLine, Predator The Thief, Vidar, Azorult, Raccoon, Grand Stealer, and more.
The bad actors also lure their victims through social media pages or online games. Their main target is the channels of high-ranked YouTube content creators, which they can later sell for a high price or broadcast crypto frauds on them.
Google’s team asserted that it is not the only company that worked on the alert. It collaborated with YouTube, Trust & Safety, Gmail, CyberCrime Investigation Group, and Safe Browsing terms.
Following the mutual efforts, the group decreased the number of related phishing emails on Gmail by 99.6% since May 2021. Additionally, it blocked 1.6 million messages to victims, displayed nearly 62,000 Safe Browsing page warnings, restored around 4,000 accounts, and blocked 2,400 files.
“With increased detection efforts, we’ve observed attackers shifting away from Gmail to other email providers (mostly email.cz, post.cz, and aol.com). Moreover, to protect our users, we have referred the below activity to the FBI for further investigation,” Google’s Threat Analysis Group concluded.
How to Protect Yourselves?
In its report, Google gave some advice to YouTubers on protecting themselves from such phishing attacks.
First, users should take safe browsing warnings seriously and must perform virus scanning before running an unknown software.
Another helpful tool would be enabling the “Enhanced Safe Browsing Protection” mode on the Chrome browser – a feature that warns about suspicious web pages and files.
YouTube verification is also a must as it provides an extra layer of security to one’s account in case the password is stolen.
The Attacks on Steve Wozniak And Cardano’s Founder
At their core, such scams usually begin live streams on YouTube impersonating famous individuals (this time Steve Wozniak) and offer to double all BTC funds victims send to particular addresses. Needless to say, all people that fall for such dubious activities never receive the promised funds.
After almost a year, he lost the case as his arguments were not strong enough, reasoned the court.
Cardano’s founder Charles Hoskinson also threatened YouTube with a class-action lawsuit as the platform had failed to protect users from fake crypto giveaways. He also blamed Twitter for such inaction and accused the two giant companies of benefiting from the ongoing scams. As such, he vowed to investigate the matter thoroughly.