Google’s Threat Analysis Group has recently published a report detailing how over the past few years phishing hackers have hijacked popular YouTube accounts to make money through cryptocurrency scams and other methods. Since late 2019, Google has tracked and disrupted the scammers, described as “a group of hackers recruited in a Russian-speaking forum.” Combining cookie-based malware and social engineering tactics, their operational model is not very sophisticated nor radically innovative, but nevertheless, extremely effective given the method’s popularity. The operators typically start by sending an email to the YouTube account holder, conveying interest in a collaboration. The “from” address is usually a falsified business email that impersonates a real company. The promotions could be anything from anti-virus software or VPN to online games and editing apps. Just like any other influencer deal, the email will then discuss a standard promotional arrangement. The YouTuber would be required to promote the product …
RSS Feed | The Epoch Times