Google's Threat Analysis Group [TAG] shared a report describing an ongoing phishing campaign against YouTube creators. Hijacked channels were either sold to the highest bidder or used to broadcast cryptocurrency scams.
An update shared by Google stated that the actors behind this campaign could be a group of hackers recruited in a Russian-speaking forum. It added,
“The actors behind this campaign, which we attribute to a group of hackers recruited in a Russian-speaking forum, lure their target with fake collaboration opportunities (typically a demo for anti-virus software, VPN, music players, photo editing or online games), hijack their channel, then either sell it to the highest bidder or use it to broadcast cryptocurrency scams.”
The team observed that a large number of hijacked channels were rebranded for cryptocurrency scam live-streaming. However, streaming of crypto scams is not really new on the platform; crypto scams and account takeovers have been happening for a long time.
In fact, even this time a large number of hijacked channels were used to promote crypto scams.
“A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming. On account-trading markets, hijacked channels ranged from $3 USD to $4,000 USD depending on the number of subscribers.”
Phishing has been the trickiest act to pull off and also to defend against. The attackers send YouTube creators a legitimate-looking email about a VPN, photo editing app, etc., and offer to collaborate.
Once they strike a promotional deal with the channel host to showcase their product in exchange for a fee, the download link for the product takes the creator to a malware landing site instead of the actual thing.
Google has found over 1,000 domains to date and invested in tools to detect and block phishing and social engineering emails, cookie theft hijacking, and crypto-scam live streams as a quick fix. It has decreased the volume of Gmail phishing emails by 99.6% since May 2021.
“With increased detection efforts, we’ve observed attackers shifting away from Gmail to other email providers (mostly email.cz, seznam.cz, post.cz and aol.com).”
The company shared this information with the Federal Bureau of Investigation [FBI] of the United States for investigation.
As per reports, nearly 3.1 million user email addresses linked to CoinMarketCap accounts were being traded on hacking forums on Saturday. According to the information revealed by Have I Been Pwned, CMC fell victim to a hack and confirmed the list of leaked user accounts.
“CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses, we have found a correlation with our subscriber base.”
The company noted that the hackers did not gain access to any passwords, but it has yet to find out the exact cause of the hack.
It looks like the crypto slogan “do your own research” once again holds true in light of an active spot market and rising scams.