According to Google’s Threat Analysis Group, cybercriminals in Russia have been targeting YouTube content creators in phishing campaigns for the last two years. The bad actors often hijack their channels and either sell them back for a higher price or employ them to broadcast crypto scams. Google’s team and its partners have decreased the number of related phishing emails on Gmail by 99.6% since May 2021.
Russian hackers attacked many YouTubers with “highly customized” phishing emails.
In its report, Google’s team explained that some hackers recruited in a Russian-speaking forum had attacked many YouTubers with “highly customized” phishing emails and cookie-stealing malware. Some commodity malware used included RedLine, Predator The Thief, Vidar, Azorult, Raccoon, Grand Stealer, and more. The bad actors also lure their victims through social media pages or online games. Hackers’ main target is the channels of high-ranked YouTube content creators, which they can later sell for a high price or broadcast crypto frauds on them.
Google worked collaborated with different companies to work on the alert.
Google’s team asserted in its report that it is not the only company that worked on the alert. It collaborated with YouTube, Trust & Safety, Gmail, CyberCrime Investigation Group, and Safe Browsing terms. Following the mutual efforts, the group decreased the number of related phishing emails on Gmail by 99.6% since May 2021. Additionally, it blocked 1.6 million messages to victims, displayed nearly 62,000 Safe Browsing page warnings, restored around 4,000 accounts, and blocked 2,400 files. “With increased detection efforts, we’ve observed attackers shifting away from Gmail to other email providers (mostly email.cz, post. cz, and aol.com). Moreover, to protect our users, we have referred the below activity to the FBI for further investigation,” Google’s Threat Analysis Group concluded.