TAG Reports Hacked YouTube Accounts Used for Crypto-Related Scams

JAKARTA - A new report shared by Google's Threat Analysis Group (TAG) highlights an ongoing phishing campaign against YouTube content creators. The campaign usually results in the compromise and sale of channels, which are then used to broadcast cryptocurrency scams.

TAG linked the attack to a group of hackers recruited on a Russian-language forum, who hacked into content creators' channels by offering fake collaboration opportunities. Once hijacked, YouTube channels are sold to the highest bidder or used to broadcast cryptocurrency scams.

“A large number of hijacked channels were renamed for live streaming of cryptocurrency scams. In the account trading market, hijacked channels are priced from US$3 (IDR 42 thousand) to US$4,000 (IDR 56.9 million) depending on the number of subscribers,” said a source from TAG.

YouTube accounts were reportedly hacked using cookie-stealing malware: fake software configured to run undetected on victims' computers. TAG also reported that the hackers changed the name, profile picture, and content of YouTube channels to impersonate large technology or cryptocurrency exchange companies.

According to Google, “the attacker's live streaming video promised a cryptocurrency reward in exchange for an initial contribution.” The company has invested in tools to detect and block phishing and social engineering emails, cookie theft hijackings, and live streaming crypto-scams as countermeasures.

As a result of these ongoing efforts, Google has managed to reduce the volume of phishing emails on Gmail by 99.6% since May 2021. “With detection efforts increasing, we have observed attackers switching from Gmail to other email providers (mostly email.cz, seznam.cz, post.cz and aol.com),” the company added.

Google has also shared the above findings with the United States Federal Bureau of Investigation (FBI) for further investigation.

More than 3.1 million (3,117,548) user email addresses were reportedly leaked from the crypto price tracking website CoinMarketCap.

According to a Cointelegraph report, Have I Been Pwned, a website dedicated to tracking online hacks, found that the hacked email addresses were being traded and sold online on various hacking forums.

CoinMarketCap acknowledged the correlation of the leaked data with their user base but stated that no evidence of hacking was found on their internal servers.

"Since no password was included in the data we looked at, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites," said a source from CoinMarketCap.
