Categories: Technology

How hackers hijacked thousands of high-profile YouTube accounts

Because at least In 2019, hackers hijacked YouTube channel.Sometimes they broadcast Cryptocurrency scam, Sometimes they just auction access to the account.Now Google has detailed Hire hackers to destroy thousands YouTube creator Just in the past few years.

Cryptocurrency scams and account takeovers are not uncommon in themselves; the Twitter hack last fall is an example of this massive chaos. However, continuous attacks on YouTube accounts are notable due to their breadth and methods used by hackers. This is an ancient strategy, but it is very tricky to defend.

It all started with one PhishingThe attacker sends an email that appears to come from a real service (such as a VPN, photo editing application, or antivirus product) to the YouTube creator and provides collaboration. They put forward a standard promotional arrangement: show our products to your audience, and we will pay you. For YouTube celebrities, this is a transaction that happens every day, and this is a bustling influencer spending industry.

However, clicking on the link to download the product will bring the creator to the malware landing site instead of the actual trading site. In some cases, hackers will pretend to be known numbers such as Cisco VPN and Steam games, or pretend to be media focused on Covid-19. Google said that so far it has discovered more than 1,000 domains built specifically to infect unsuspecting YouTube users. This just implies scale. The company also discovered 15,000 email accounts related to the attackers behind the program. These attacks do not appear to be the work of a single entity; instead, Google stated that various hackers promoted account takeover services on Russian-language forums.

Once a YouTuber unintentionally downloads malware, it will obtain a specific cookie from their browser. These “session cookies” confirm that the user has successfully logged into their account. Hackers can upload these stolen cookies to a malicious server, allowing them to impersonate an authenticated victim. Session cookies are particularly valuable to attackers because they do not need to go through any part of the login process. When you can borrow the armor of the stormtroopers, who needs credentials to sneak into the Death Star Detention Center?

“Additional security mechanisms like two-factor authentication can present a considerable obstacle to attackers,” said Jason Polakis, a computer scientist who studies cookie theft at the University of Illinois in Chicago. “This makes browser cookies an extremely valuable resource for them because they can avoid additional security checks and defenses that are triggered during the login process.”

This “pass cookie” technology has existed for more than a decade, but they are still effective. In these activities, Google stated that it has observed hackers using a dozen different off-the-shelf and open-source malware tools to steal browser cookies from victims’ devices. Many of these hacking tools can also steal passwords.

“Account hijacking attacks are still a rampant threat because attackers can use stolen accounts in many ways,” Polakis said. “Attackers can use infected email accounts to spread scams and phishing activities, and can even use stolen session cookies to withdraw funds from victims’ financial accounts.”

Source link


Recent Posts

7 best things about Lebanon [with Suggested Tours]

You plan to go Lebanon soon? Read our tips below Things to do in Lebanon…

4 hours ago

Does travel really change people?

Does travel really change people? Let my best things be sent directly to you! [id^="_form"][id^="_form"][id$="_submit"][id$="_submit"][+_a-z0-9-'&=][+_a-z0-9-'&=][id^="_form"][id^="_form"][id$="_submit"][id$="_submit"][+_a-z0-9-'&=][+_a-z0-9-'&=]…

17 hours ago

HCD 10: Karin Henderson, clinician

As a leader in the field of nursing and healthcare management for 20 years, Karin…

19 hours ago

10 things to do in San Antonio, USA [with Suggested Tours]

You plan to go San Antonio soon? Read our tips below Outdoor Activities in San…

2 days ago

Stephen Fulton defeated Brandon Figueroa in the Fighting Candidate of the Year, unifying the title of 122 pounds

show time Stephen Fulton won his second title in the super bantamweight division in a…

2 days ago

George Kambosos defeated Teofimo Lopez Jr. with an amazing defeat to win the unified lightweight title

Teofimo Lopez promised to play against George Kambosos Jr. and defend his unified lightweight world…

2 days ago