How hackers have hijacked thousands of high-profile YouTube accounts

Since at least 2019, hackers have been hijacking high-profile YouTube channels. Sometimes they use them to broadcast cryptocurrency scams, sometimes they simply sell access to the account. Now Google has detailed the tactics that hackers-for-hire used to compromise YouTube creators over the past few years.

Cryptocurrency scams and account takeovers are not themselves uncommon; look no further than the 2020 Twitter hack for an example of that chaos at scale. But the sustained attacks against YouTube accounts stand out for their breadth and for the method the hackers used, an old technique that is still remarkably hard to defend against.

It all starts with a phish. The attackers send YouTube creators an email that appears to come from a real service – a VPN, a photo-editing app or an antivirus product – and propose a collaboration. The pitch is a standard sponsorship deal: show our product to your audience and we’ll pay you a fee. This is the kind of transaction that happens every day among YouTube’s luminaries, a thriving influencer industry.

Clicking the link to download the product takes the creator to a malware landing page instead of the real thing. In some cases the hackers impersonated Cisco VPN and Steam games, or posed as media outlets covering Covid-19. Google says it has found 1,000 domains to date that were built specifically to infect unwitting YouTubers, and that only hints at the scale. The company also found 15,000 email accounts linked to the attackers behind the scheme. The attacks do not appear to be the work of a single entity; instead, Google says, various hackers advertised account-takeover services on Russian-language forums.

Once a YouTuber inadvertently runs the malware, it grabs specific cookies from their browser. These “session cookies” are what tell a site that the user has already logged in successfully. The hacker uploads the stolen cookies to a server they control and can then present them to YouTube as if they were the already-authenticated victim. Session cookies are especially valuable to attackers because they let them skip the login process entirely. Who needs credentials to get into the Death Star detention center?

“Additional security measures, such as two-factor authentication, can be a significant deterrent to attackers,” said Jason Polakis, a computer scientist at the University of Illinois at Chicago who is studying cookie theft techniques. “This renders browser cookies an extremely valuable resource for them, as they can avoid additional security checks and defenses triggered during the login process.”

Such “pass-the-cookie” techniques have been around for more than a decade, but they remain effective. In this campaign, Google said, the hackers used roughly a dozen different off-the-shelf and open-source malware tools to steal browser cookies from victims’ devices. Many of these tools can steal passwords as well.
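The two paragraphs above describe why a stolen session cookie is worth more to an attacker than a stolen password: the server trusts the cookie as proof of a login that already passed every check, 2FA included. The following is an added example, not code from the article or from Google’s report, that models this with a toy web session store. The cookie name, the session lifetime and the client-fingerprint scheme are assumptions for the demo, not YouTube’s actual implementation; the victim and attacker requests are constructed inline.

```python
"""Pass-the-cookie demo: a stolen session cookie authenticates the attacker
without a password or 2FA, and one server-side check that narrows the window.

Added example, not code from the original article or from Google's report.
The web app, the session store and the 'stolen' request are constructed here
for illustration; the session TTL and the fingerprint scheme are assumptions.
"""
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 3600  # seconds; assumption for the demo


def fingerprint(client_ip: str, user_agent: str) -> str:
    """Coarse client fingerprint a server can bind a session to.
    Assumption: the client's /24 plus its User-Agent string."""
    net = ".".join(client_ip.split(".")[:3])
    return hashlib.sha256(f"{net}|{user_agent}".encode()).hexdigest()


class SessionStore:
    def __init__(self, bind_to_client: bool):
        self.bind_to_client = bind_to_client
        self.sessions = {}  # cookie value -> session record

    def login(self, user, password_ok, totp_ok, client_ip, user_agent):
        """Full login: the password *and* the 2FA code are checked here, and
        only here. Everything after this point trusts the cookie alone."""
        if not (password_ok and totp_ok):
            return None
        sid = secrets.token_urlsafe(32)  # the value that ends up in the cookie
        self.sessions[sid] = {
            "user": user,
            "issued": time.time(),
            "fp": fingerprint(client_ip, user_agent),
        }
        return sid

    def authenticate(self, sid, client_ip, user_agent):
        """Return the user for a valid cookie, or None. A stolen cookie passes
        this check unless the session is bound to the client it was issued to."""
        rec = self.sessions.get(sid)
        if rec is None or time.time() - rec["issued"] > SESSION_TTL:
            return None
        if self.bind_to_client and not hmac.compare_digest(
            rec["fp"], fingerprint(client_ip, user_agent)
        ):
            # Cookie replayed from a different client: revoke the session so
            # the next request forces a fresh login, which re-triggers 2FA.
            del self.sessions[sid]
            return None
        return rec["user"]


def demo():
    """Run the victim's and the attacker's requests against a naive store and
    a client-bound store; returns {name: (victim_ok, attacker_ok)}."""
    victim_ip, victim_ua = "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Chrome/94"
    attacker_ip, attacker_ua = "198.51.100.7", "Mozilla/5.0 (X11; Linux) Firefox/93"

    results = {}
    for name, bind in (("naive", False), ("bound", True)):
        store = SessionStore(bind_to_client=bind)
        # Victim logs in properly: password and TOTP both accepted.
        cookie = store.login("creator", True, True, victim_ip, victim_ua)
        # Legitimate follow-up request from the victim's own browser.
        victim_ok = store.authenticate(cookie, victim_ip, victim_ua) == "creator"
        # Infostealer exfiltrated the cookie; attacker replays it from their box.
        attacker_ok = store.authenticate(cookie, attacker_ip, attacker_ua) == "creator"
        results[name] = (victim_ok, attacker_ok)
    return results


if __name__ == "__main__":
    for name, (v, a) in demo().items():
        print(f"{name:6s} victim={v} attacker_with_stolen_cookie={a}")
```

The naive store accepts the replayed cookie from a different network and browser; the bound store rejects it and revokes the session. Binding to IP and User-Agent is a blunt instrument (mobile clients change networks, and a stealer that also captured the victim’s User-Agent can spoof it), so in practice it is one layer alongside short session lifetimes, re-authentication for sensitive actions such as changing channel ownership, and invalidating all sessions when the account owner resets their password.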

“Account hijacking attacks remain a formidable threat, as attackers can use compromised accounts in a variety of ways,” Polakis said. “Attackers can use compromised email accounts to promote scams and phishing campaigns, or withdraw funds from victims’ financial accounts using stolen session cookies.”
