The Google Threat Analysis Group сообщила that it thwarted an attack by ‘Russian-speaking hackers’ on thousands of YouTube creators. They hijacked channels and used them, among other things, for fake cryptocurrency giveaways.
According to the company, since 2019 hackers posing as outreach requests for collaboration sent phishing emails to YouTube users. The malware contained in them allowed attackers to access bloggers’ cookies and passwords.
In addition to Gmail, the phishing campaign was carried out in WhatsApp, Telegram and Discord.
A large number of hijacked channels were renamed to technology companies associated with cryptocurrencies. Subsequently the hackers launched live streams on them, offering viewers the chance to participate in an airdrop of coins for an upfront payment. The value of hijacked channels ranged from $3 to $4,000 depending on subscriber counts.
Google said that the hackers recruited people for the group on a Russian-language forum. The company did not specify which one.
In total, Google blocked more than 1.6 million phishing links and restored access to 4,000 accounts — 99% of all affected bloggers.
The investigation findings have been handed to the FBI.
On October 18, a fake Bitcoin airdrop masquerading as an Apple gathered 30,000 viewers on YouTube.
Google and YouTube have repeatedly threatened lawsuits over the attackers’ actions. However, the court ruled that the platforms are not responsible for content posted by third parties.
Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, rates and analysis.