How hackers hijacked thousands of high-profile YouTube accounts

21/10/2021

Since at least 2019, hackers have been hijacking high-profile YouTube channels. Sometimes they broadcast cryptocurrency scams, sometimes they simply auction off access to the account. Now, Google has detailed the technique that hackers-for-hire used to compromise thousands of YouTube creators in just the past couple of years.

Cryptocurrency scams and account takeovers themselves aren’t a rarity; look no further than last fall’s Twitter hack for an example of that chaos at scale. But the sustained assault against YouTube accounts stands out both for its breadth and for the methods the hackers used, an old maneuver that’s nonetheless incredibly tricky to defend against.

It all starts with a phish. Attackers send YouTube creators an email that appears to be from a real service—like a VPN, photo editing app, or antivirus offering—and offer to collaborate. They propose a standard promotional arrangement: Show our product to your viewers and we’ll pay you a fee. It’s the kind of transaction that happens every day for YouTube’s luminaries, a bustling industry of influencer payouts.

Clicking the link to download the product, though, takes the creator to a malware landing site instead of the real deal. In some cases the hackers impersonated known quantities like Cisco VPN and Steam games, or pretended to be media outlets focused on COVID-19. Google says it has found over 1,000 domains to date that were purpose-built for infecting unwitting YouTubers. And that only hints at the scale. The company also found 15,000 email accounts associated with the attackers behind the scheme. The attacks don’t appear to have been the work of a single entity; rather, Google says, various hackers advertised account takeover services on Russian-language forums.

Once a YouTuber inadvertently downloads the malicious software, it grabs specific cookies from their browser. These “session cookies” confirm that the user has successfully logged in to their account. A hacker can upload those stolen cookies to a malicious server, letting them pose as the already authenticated victim. Session cookies are especially valuable to attackers because they eliminate the need to go through any part of the login process. Who needs credentials to sneak into the Death Star detention center when you can just borrow a stormtrooper’s armor?

“Additional security mechanisms like two-factor authentication can present considerable obstacles to attackers,” says Jason Polakis, a computer scientist at the University of Illinois, Chicago, who studies cookie theft techniques. “That renders browser cookies an extremely valuable resource for them, as they can avoid the additional security checks and defenses that are triggered during the login process.”

Such “pass-the-cookie” techniques have been around for more than a decade, but they’re still effective. In these campaigns, Google says it observed hackers using about a dozen different off-the-shelf and open source malware tools to steal browser cookies from victims’ devices. Many of these hacking tools could also steal passwords.
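
What a replayed session cookie looks like from the service's side, as an added example that is not from the original article or from Google: the sketch binds each session to the client context seen at login and flags later requests that present the same cookie from a different context. The log format, session IDs, and the choice of source network plus user agent as the binding are assumptions made for illustration.

```python
"""Flag session cookies replayed from a client that never logged in with them."""
from dataclasses import dataclass

# Constructed sample events (not real logs): time, event, session id, source network, user agent.
SAMPLE_EVENTS = """\
2021-10-20T09:00:01Z login   sess-A1 AS64500 Chrome/94-Windows
2021-10-20T09:05:12Z request sess-A1 AS64500 Chrome/94-Windows
2021-10-20T09:40:33Z request sess-A1 AS64511 Chrome/94-Linux
2021-10-20T09:41:02Z request sess-A1 AS64511 Chrome/94-Linux
2021-10-20T10:00:00Z login   sess-B2 AS64501 Firefox/93-macOS
2021-10-20T10:02:10Z request sess-B2 AS64501 Firefox/93-macOS
2021-10-20T10:03:00Z request sess-C3 AS64502 Safari/15-macOS
"""

@dataclass(frozen=True)
class Alert:
    timestamp: str
    session: str
    reason: str

def find_replayed_sessions(log_text: str) -> list[Alert]:
    bound = {}       # session id -> (network, user agent) recorded at login
    alerted = set()  # (session, context) pairs already reported, to avoid alert floods
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guessing at fields
        ts, event, sess, net, ua = parts
        ctx = (net, ua)
        if event == "login":
            bound[sess] = ctx  # a full login (password plus 2FA) establishes the binding
            continue
        if sess not in bound:
            reason = "session used with no recorded login"
        elif bound[sess] != ctx:
            reason = f"context changed from {bound[sess]} to {ctx}"
        else:
            continue
        if (sess, ctx) not in alerted:
            alerted.add((sess, ctx))
            alerts.append(Alert(ts, sess, reason))
    return alerts

if __name__ == "__main__":
    for a in find_replayed_sessions(SAMPLE_EVENTS):
        print(a.timestamp, a.session, a.reason)
```

Legitimate users also change networks, so a hit is better treated as a trigger for re-authentication than as proof of theft.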

“Account hijacking attacks remain a rampant threat, because attackers can leverage compromised accounts in a plethora of ways,” Polakis says. “Attackers can use compromised email accounts to propagate scams and phishing campaigns or can even use stolen session cookies to drain the funds from a victim’s financial accounts.”

Google wouldn’t confirm which specific incidents were tied to the cookie-theft spree. But a notable surge in takeovers occurred in August 2020, when hackers hijacked multiple accounts with hundreds of thousands of followers and changed the channel names to variations on “Elon Musk” or “Space X,” then livestreamed bitcoin giveaway scams. It’s unclear how much revenue any of them generated, but presumably these attacks have been at least moderately successful given how pervasive they became.

This type of YouTube account takeover ramped up in 2019 and 2020, and Google says it convened a number of its security teams to address the issue. Since May 2021 the company says it has caught 99.6 percent of these phishing emails on Gmail, with 1.6 million messages and 2,400 malicious files blocked, 62,000 phishing page warnings displayed, and 4,000 successful account restorations. Now Google researchers have observed attackers transitioning to targeting creators who use email providers other than Gmail—like aol.com, email.cz, seznam.cz, and post.cz—as a way of avoiding Google’s phishing detection. Attackers have also started trying to redirect their targets over to WhatsApp, Telegram, Discord, or other messaging apps to keep out of sight.

“A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming,” Google TAG explains in a blog post. “The channel name, profile picture and content were all replaced with cryptocurrency branding to impersonate large tech or cryptocurrency exchange firms. The attacker live-streamed videos promising cryptocurrency giveaways in exchange for an initial contribution.”

Though two-factor authentication can’t stop these malware-based cookie thefts, it’s an important protection for other types of scams and phishing. Beginning on November 1, Google will require YouTube creators who monetize their channels to turn on two-factor for the Google account associated with their YouTube Studio or YouTube Studio Content Manager. It’s also important to heed Google’s “Safe Browsing” warnings about potentially malicious pages. And as always, be careful what you click and which attachments you download from your email.

The advice for YouTube viewers is even simpler: If your favorite channel is pushing a cryptocurrency deal that seems too good to be true, give it some Dramatic Chipmunk side eye and move on.

This story originally appeared on wired.com.
