Security News > 2021 > October > Google Crushes YouTube Cookie-Stealing Channel Hijackers
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on the ripped-off channels.
The cookie-stealing, cryptocurrency-scam running channel hijackers are still out there, but they've shifted from Gmail to other email providers: "mostly email.
Next up for anybody who falls for it is the malware landing page, disguised as a software-download URL sent via email or as a PDF on Google Drive or, in a few cases, tucked as a phishing link into a Google document.
YouTube has hardened channel transfer workflows, detected and auto-recovered over 99 percent of hijacked channels.
Starting November 1, monetizing YouTube creators must turn on 2-Step Verification on the Google Account used for their YouTube channel to access YouTube Studio or YouTube Studio Content Manager.
"Due to the extra layer of security granted by MFA, the attackers most likely had to increase the sophistication of their operation to breach these YouTube accounts" he noted in an email to Threatpost on Wednesday.
News URL
https://threatpost.com/google-youtube-channel-hijackers-cryptocurrency-scams/175617/