How hackers are hijacking YouTube accounts to run ads for cryptocurrency scams | PC Gamer - baileyjakfam
How hackers are highjacking YouTube accounts to bleed ads for cryptocurrency scams
Google's Threat Depth psychology Group has shared details near a long-running phishing movement targeting YouTubers. The campaign, plainly being carried out aside hackers recruited in a Russian-speaking forum, uses "bogus coaction opportunities" to attract YouTubers, then hijacks their channel using a "flip-the-cookie attack," with the goal of either selling it off or victimization it to broadcast—naturally—cryptocurrency scams.
The attacks start out with a phishing electronic mail offering a promotional collaboration. Once the deal is agreed, the YouTuber is dispatched a link to a malware page disguised to look like a download URL. This is where the real action begins: When the target area runs the package, it pulls cookies from their PCs and uploads them to "dictation and command servers" operated by the hackers.
Having those cookies, Eastern Samoa Google explains, "enables access to drug user accounts with school term cookies stored in the browser." This means hackers don't need to trouble approximately stealing the YouTuber's login credentials, because the cookies makes remote sites think they'atomic number 75 already logged in.
"Cookie theft" is actually an old whole number hijacking proficiency that's enjoying a resurgence among unscrupulous actors, possibly because of the widespread adoption of surety precautions that have made newer hacking techniques more difficult to rive off. Two-broker hallmark, for case, is a common security feature on better websites these years, but is ineffective against cookie theft. (You should still definitely be exploitation IT wherever contingent, though.)
"Additional security mechanisms same two-factor authentication can present considerable obstacles to attackers," University of Illinois Chicago computer scientist Jason Polakis told Ars Technica. "That renders browser cookies an extremely valuable resource for them, equally they can invalidate the additional security checks and defenses that are triggered during the login process."
A "large number" of channels hijacked this elbow room are rebranded to impersonate large technology firms or cryptocurrency exchanges, and then begin running streams bright cryptocurrency giveaways in exchange for an up-advance payment. Those that are sold off on write u-trading markets fetch from $3 to $4000, depending on the number of subscribers they have.
Google said it's reduced the amount of phishing emails related to these attacks by 99.6% since May 2021, and has blocked rough 1.6 million emails and 2,400 files sent to targets. As a result, attackers are opening to move to not-Gmail providers, "mostly email.cz, seznam.cz, post.cz and aol.com." But the double challenge in cybersecurity, as always, is the human component. Phishing emails privy be remarkably shoddy (I've destroyed for at to the lowest degree one myself, and I know more or less this satiate), and once the wheels start turn on that process it can be very difficult to stop.
The predict of "something for nothing" has great allure too: The big Chirrup hack that occurred in 2020 (which actually began with a "phone spear phishing attack") siphoned more than $100,000 from victims in a single day, simply past promising to double their Bitcoin contributions as a way of life of "openhanded back to the community."
Andy has been gaming on PCs from the very beginning, starting as a youngster with school tex adventures and primitive action games on a cassette-founded TRS80. From there he gradational to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, erudite how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. Helium began writing videogame news in 2007 for The Escapist and somehow managed to nullify getting discharged until 2014, when he joined the storeyed ranks of PC Gamer. He covers totally aspects of the industry, from new game announcements and dapple notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.
Source: https://www.pcgamer.com/how-hackers-were-hijacking-youtube-accounts-to-run-ads-for-cryptocurrency-scams/
Posted by: baileyjakfam.blogspot.com
0 Response to "How hackers are hijacking YouTube accounts to run ads for cryptocurrency scams | PC Gamer - baileyjakfam"
Post a Comment