Google’s Threat Analysis Group (TAG) has released a report detailing an elaborate cookie theft malware campaign that has targeted YouTube creators since late 2019.
TAG identified the group of actors as “Hack-for-Hire attackers” recruited via Russian-speaking forums. The objective, as advertised, was to deliver a “pass-the-cookie attack,” which would enable access to user accounts with session cookies stored in the browser. Attackers utilized an arsenal of well-known and open-sourced malware. However, with wider adoption of multi-factor authentication (MFA), attacks relied mainly on social engineering tactics.
YouTubers were targeted through phishing emails introducing a software product and requesting video advertisement for that product. Once the target agreed to the deal, a malware landing page disguised as a software download URL was sent via email or a PDF on Google Drive. Consequently, a large number of channels were hijacked, and others were sold on the underground market. Their value ranged depending on the total number of subscribers.
At least 1,011 domains linked to these attacks were identified, connecting roughly 15,000 actor accounts specifically created for this campaign.
Analyst Notes
In this particular campaign, attackers sent forged business emails impersonating an existing company to trick their targets into downloading and executing malicious software. Social engineering attacks rely on human interaction to obtain or compromise information from an organization or computer system.
Some best practices to prevent social engineering attacks include:
• Avoid clicking suspicious links or messages
• Research any unknown sources
• Question and verify any urgent call to action
• Enable multi-factor authentication
• Use strong passwords with upper case and lower-case characters, numbers, symbols and ten or more characters total
• Avoid sharing correct personal information when setting up accounts
• Conduct regular user awareness training for overall cyber security hygiene
• Strengthen your endpoint security with Binary Defense Managed Detection & Response solutions
https://blog.google/threat-analysis-group/phishing-campaign-targets-youtube-creators-cookie-theft-malware/
https://www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/
