How Hackers Hacked Thousands of High-Profile YouTube Accounts
Since at least 2019, hackers have hijacked high-profile YouTube channels. Sometimes they broadcast cryptocurrency scams, sometimes they just auction off account access. Now, Google has detailed the method used by hackers-for-hire to compromise thousands of YouTube creators in just the last two years.
Cryptocurrency scams and account takeovers on their own are not uncommon; look no further than last fall’s Twitter hack for an example of that chaos at scale. But the ongoing attack against YouTube accounts stands out both for its breadth and for the method the hackers used, an old maneuver that is nonetheless hard to defend against.
It all starts with a phish. The attackers send YouTube creators an email that appears to be from a real service, such as a VPN, photo-editing app, or antivirus offering, and offer to collaborate. They suggest a basic promotional arrangement: Show our product to your audience and we’ll pay you a fee. It’s the kind of transaction that happens every day for YouTube’s stars, part of a growing influencer payment industry.
Clicking the link to download the product, however, brings the creator to a malware landing site instead of the real deal. In some cases the hackers impersonate well-known names like Cisco VPN and Steam games, or pretend to be media outlets focused on Covid-19. Google says it has found more than 1,000 domains to date that were set up specifically for infecting unsuspecting YouTubers. And that only hints at the scale. The company also found 15,000 email accounts associated with the attackers behind the scheme. The attacks do not appear to be the work of one entity; instead, Google says, various hackers advertise account-takeover services on Russian-language forums.
Once a YouTuber inadvertently downloads the malicious software, it grabs specific cookies from their browser. These “session cookies” confirm that the user has successfully logged into their account. A hacker can upload the stolen cookies to a malicious server, letting them pose as the already authenticated victim. Session cookies are especially valuable to attackers because they remove the need to go through any part of the login process. Who needs credentials to get into the Death Star detention center when you can just borrow a stormtrooper’s armor?
“Additional security mechanisms such as two-factor authentication can present multiple barriers to attackers,” said Jason Polakis, a computer scientist at the University of Illinois, Chicago, who studies the methods of cookie theft. “That’s what makes browser cookies a very important resource for them, because they avoid the additional security and defense checks that are accumulated in the login process.”
Such “pass-the-cookie” methods have been around for more than a decade, but they are still effective. In these campaigns, Google says it has observed hackers using dozens of different off-the-shelf and open source malware tools to steal browser cookies from victims’ devices. Many of the hacking tools can also steal passwords.
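To make the session-cookie mechanism described above concrete, here is an added example (not from the article or from Google) of a toy session store: the password and second factor are checked only at login, so a replayed cookie passes the cookie-only check, while a check bound to the client context recorded at login rejects and revokes it. Every class, function and sample value is constructed for illustration.

```python
import secrets

class SessionStore:
    """Toy server-side session store (hypothetical names, illustration only)."""
    def __init__(self):
        self.sessions = {}  # token -> client context recorded at login
        self.alerts = []    # (user, ip, user_agent) of rejected replays

    def login(self, user, password_ok, second_factor_ok, ip, ua):
        # Password and second factor are verified here and nowhere else.
        if not (password_ok and second_factor_ok):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": user, "ip": ip, "ua": ua}
        return token

    def authenticate(self, token):
        # Cookie-only check: whoever presents the token is treated as the user.
        s = self.sessions.get(token)
        return s["user"] if s else None

    def authenticate_bound(self, token, ip, ua):
        # Hardened check: a token presented from a different client context
        # is revoked, so the next request needs a full login (with 2FA) again.
        s = self.sessions.get(token)
        if s is None:
            return None
        if (ip, ua) != (s["ip"], s["ua"]):
            self.alerts.append((s["user"], ip, ua))
            del self.sessions[token]
            return None
        return s["user"]

def demo():
    store = SessionStore()
    creator = ("198.51.100.7", "Firefox/93 Windows")  # constructed sample values
    other = ("203.0.113.50", "Chrome/94 Linux")       # constructed sample values
    token = store.login("creator", True, True, *creator)
    replay_plain = store.authenticate(token)                 # no password or 2FA asked
    replay_bound = store.authenticate_bound(token, *other)   # rejected and revoked
    owner_after = store.authenticate_bound(token, *creator)  # owner must log in again
    return replay_plain, replay_bound, owner_after, store.alerts

if __name__ == "__main__":
    print(demo())
```

Binding to IP address and user agent is a simplification: it produces false rejections for users on changing networks, and it does not help when the cookie is replayed from the victim’s own machine.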
“Account hijacking attacks remain a widespread threat, as attackers can access compromised accounts in many ways,” Polakis said. “Attackers may use compromised email accounts to spread scams and phishing campaigns, or may even use stolen session cookies to withdraw funds from one’s financial accounts.”