Since at least  2019, hackers have been hijacking high-profile YouTube channels. Sometimes they broadcast cryptocurrency scams, sometimes they simply

How Hackers Hijacked Thousands of High-Profile YouTube Accounts

submited by
Style Pass
2021-10-20 17:30:08

Since at least 2019, hackers have been hijacking high-profile YouTube channels. Sometimes they broadcast cryptocurrency scams, sometimes they simply auction off access to the account. Now, Google has detailed the technique that hackers-for-hire used to compromise thousands of YouTube creators in just the past couple of years.

Cryptocurrency scams and account takeovers themselves aren’t a rarity; look no further than last fall’s Twitter hack for an example of that chaos at scale. But the sustained assault against YouTube accounts stands out both for its breadth and for the methods hackers used, an old maneuver that’s nonetheless incredibly tricky to defend against.

It all starts with a phish. Attackers send YouTube creators an email that appears to be from a real service—like a VPN, photo editing app, or antivirus offering—and offer to collaborate. They propose a standard promotional arrangement: Show our product to your viewers and we’ll pay you a fee. It’s the kind of transaction that happens every day for YouTube’s luminaries, a bustling industry of influencer payouts.

Clicking the link to download the product, though, takes the creator to a malware landing site instead of the real deal. In some cases the hackers impersonated known quantities like Cisco VPN and Steam games, or pretended to be media outlets focused on Covid-19. Google says it’s found over 1,000 domains to date that were purpose-built for infecting unwitting YouTubers. And that only hints at the scale. The company also found 15,000 email accounts associated with the attackers behind the scheme. The attacks don’t appear to have been the work of a single entity; rather, Google says, various hackers advertised account takeover services on Russian-language forums.

Leave a Comment