
Hackers hijack popular YouTube channels one after another with "common tricks"

It has become clear that hackers have been frequently taking over popular YouTube channels since at least 2019. Criminals who succeed in hijacking these channels use them for fraud involving virtual currency (cryptocurrency, crypto-assets) and for selling accounts.

In the meantime, Google has released details of the methods employed by hackers to hijack the accounts of thousands of YouTubers in the past few years.

Scams and account takeovers related to cryptocurrencies are not necessarily uncommon. As a case that caused large-scale confusion, the Twitter account hacking incident in the fall of 2020 is still fresh in our minds.

However, the relentless attacks on YouTube accounts stand out for both the pervasiveness of the damage and the methods used by the hackers. The hackers aren't using any new techniques, but the attacks are becoming very difficult to defend against.

It starts with a phishing scam

All the tricks start with phishing. Posing as a real service, such as a VPN (virtual private network), a photo editing app, or antivirus software, the attackers send a YouTuber an email proposing a collaboration.


The email contains standard promotional requests, such as offering a reward for introducing a product to viewers. In an industry that often pays influencers, receiving such emails is a daily occurrence for popular YouTubers.

However, when you click the link to download the product, you are directed to a malware landing page instead of the real site. In some cases, hackers are masquerading as promoters for well-known products such as Cisco VPNs and games for the gaming platform Steam. They may also impersonate operators of media focused on COVID-19.



According to Google, more than 1,000 domains created to infect unsuspecting YouTubers have been discovered so far. That alone does not show the full scale: they also found 15,000 email accounts associated with the attackers behind the scheme.

Therefore, it is highly likely that this attack was not carried out in isolation. Various hackers have advertised their account takeover service on Russian-language forums, Google said.

Cookies Targeted

When a YouTuber unknowingly downloads malicious software, it steals a unique cookie from their browser, called a "session cookie." This cookie confirms that the user has successfully logged into their account. A hacker could then upload stolen cookies to a malicious server to impersonate an already authenticated victim.

Session cookies are invaluable to attackers because, with one in hand, the attackers do not need to go through any part of the login process. To use a Star Wars analogy, you don't need credentials to sneak into the Death Star's jail once you've borrowed a stormtrooper's armor.

"Additional security measures such as two-step verification can prevent attackers considerably," says Jason Polakis, a computer scientist who studies cookie theft at the University of Illinois at Chicago. "This makes browser cookies a very valuable resource for attackers, as they can avoid additional security checks and defenses caused by the login process."
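
Because a replayed session cookie never touches the login flow, the only place a service can notice it is at request time. The sketch below is an added example, not code from Google or from the original article: it compares each request's client context with the context recorded when two-step verification succeeded. The log format, the `network` helper and the revoke/step-up policy are assumptions made for illustration.

```python
# Added example: flag session cookies presented from a client context that
# differs from the one that completed login. Names, policy and data are constructed.

# (timestamp, event, session_id, source_ip, user_agent): constructed sample log
SAMPLE_LOG = [
    ("09:00:01", "login_2sv_ok", "sess-A", "198.51.100.7", "Chrome/94 Windows"),
    ("09:05:12", "request",      "sess-A", "198.51.100.7", "Chrome/94 Windows"),
    ("09:20:40", "request",      "sess-A", "198.51.100.9", "Chrome/94 Windows"),
    ("09:40:33", "request",      "sess-A", "203.0.113.50", "Chrome/94 Linux"),
    ("09:41:02", "request",      "sess-A", "203.0.113.50", "Chrome/94 Linux"),
    ("10:00:00", "login_2sv_ok", "sess-B", "192.0.2.14",   "Firefox/93 macOS"),
    ("10:02:00", "request",      "sess-B", "192.0.2.14",   "Firefox/93 macOS"),
]


def network(ip):
    """Coarse network key (first three octets); an assumption standing in for an ASN lookup."""
    return ip.rsplit(".", 1)[0]


def evaluate(log):
    """Return (timestamp, session_id, verdict) for every request that is not a plain allow."""
    bound = {}       # session_id -> (network, user_agent) recorded at login
    revoked = set()  # sessions killed after a mismatch
    findings = []
    for ts, event, sid, ip, ua in log:
        if event == "login_2sv_ok":
            bound[sid] = (network(ip), ua)
            revoked.discard(sid)
            continue
        if sid in revoked or sid not in bound:
            # Cookie is unknown or already invalidated: refuse it
            findings.append((ts, sid, "reject"))
            continue
        login_net, login_ua = bound[sid]
        if ua != login_ua:
            # Same cookie, different browser/OS: treat as replay and kill the session
            revoked.add(sid)
            findings.append((ts, sid, "revoke"))
        elif network(ip) != login_net:
            # Same browser on a new network (roaming is common): ask for re-authentication
            findings.append((ts, sid, "step_up"))
    return findings


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_LOG):
        print(finding)
```

Binding to network and user agent produces false positives for legitimate roaming users, which is why the network-only change here triggers re-authentication rather than revocation.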