Crypto scammers are now targeting established YouTube creators as part of their schemes to lure potential victims. According to a report by Google’s Threat Analysis Group, there is an ongoing phishing campaign against YouTubers in a bid to compromise their channels, which are later rebranded and used for their scams.
Google’s Threat Analysis Group (TAG) said that hackers have been recruiting from a Russian-speaking forum known for enticing YouTube creators with fake collaboration opportunities, Cointelegraph reported. Once these YouTubers’ channels are hacked, they are then used in crypto scams or are sold to the highest bidders.
The hackers use cookie-theft malware that can run on a target’s computer undetected. Once they gain access to a YouTube channel, the hackers rebrand it by changing its profile picture, name, and content to make it appear to be the channel of a crypto exchange or large tech firm.
“A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming,” the TAG said. “On account-trading markets, hijacked channels ranged from $3 USD to $4,000 USD depending on the number of subscribers.”
In the live-streamed videos, scammers lured potential victims with promises of giveaways in crypto in exchange for an initial contribution. To counter these types of attacks, Google invested in software that can detect and block phishing emails and cookie theft hijacking.
Google’s investment in security has proven to be particularly effective as the company said that since May 2021, the volume of Gmail phishing emails had gone down by 99.6 percent. “With increased detection efforts, we’ve observed attackers shifting away from Gmail to other email providers (mostly email.cz, seznam.cz, post.cz and aol.com),” Google said.
Aside from YouTube creators, hackers have also targeted some well-known crypto-focused websites. For instance, over 3.1 million users' email addresses from the price-tracking website CoinMarketCap were compromised and later sold online on various hacking forums.
“As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites,” CoinMarketCap said, according to CryptoDaily.