Google Crushes YouTube Cookie-Stealing Channel Hijackers

2021-10-20 19:45

Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on the ripped-off channels.

The cookie-stealing, cryptocurrency-scam running channel hijackers are still out there, but they've shifted from Gmail to other email providers: "mostly email.

Next up for anybody who falls for it is the malware landing page, disguised as a software-download URL sent via email or as a PDF on Google Drive or, in a few cases, tucked as a phishing link into a Google document.

YouTube has hardened channel transfer workflows, detected and auto-recovered over 99 percent of hijacked channels.

Starting November 1, monetizing YouTube creators must turn on 2-Step Verification on the Google Account used for their YouTube channel to access YouTube Studio or YouTube Studio Content Manager.

"Due to the extra layer of security granted by MFA, the attackers most likely had to increase the sophistication of their operation to breach these YouTube accounts" he noted in an email to Threatpost on Wednesday.

News URL

https://threatpost.com/google-youtube-channel-hijackers-cryptocurrency-scams/175617/

#google #youtube

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google		102	253	4216	4506	727	9702