Google: YouTubers’ accounts hijacked with cookie-stealing malware
Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors.
The threat actors used social engineering and phishing emails to infect YouTube creators with information-stealing malware, chosen based on each attacker's preference.
Malware observed in the attacks includes commodity strains like RedLine, Vidar, Predator The Thief, Nexus stealer, Azorult, Raccoon, Grand Stealer, Vikro Stealer, Masad, and Kantal, and open-source ones such as Sorano and AdamantiumThief.
Once delivered to the targets' systems, the malware was used to steal their credentials and browser cookies, which allowed the attackers to hijack the victims' accounts in pass-the-cookie attacks.
Google identified at least 1,011 domains linked to these attacks and roughly 15,000 actor accounts created specifically for this campaign. The accounts were used to send phishing emails to YouTube creators' business email addresses, with links that redirected to malware landing pages.
A significant number of YouTube channels hijacked in these attacks were later rebranded to impersonate high-profile tech executives or cryptocurrency exchange firms and used for live streaming cryptocurrency scams.