Google Warns High-Profile YouTube Accounts About Cookie-Stealing Malware


Google’s Threat Analysis Group (TAG) disclosed on Wednesday, Oct. 20, that several hackers were using cookie-stealing malware to take over the accounts of high-profile YouTube users.

For the most part, the campaign is a phishing operation whose end goal is a series of crypto scams run from hijacked YouTube channels.

YouTube Channels Hacked By Pass-the-Cookie Attack


(Photo: Ilya Pavlov from Unsplash)
Google discovered several hacking cases involving the YouTube accounts of high-profile users. According to the security team, Russian attackers are responsible for the recent malware attack.

According to a report by Threatpost, Google’s security researchers found that the cybercriminals have been carrying out their operations since 2019. The search engine giant also observed that the threat actors behind these attacks were recruited on Russian-speaking forums.

The hackers used fake ads, bogus landing pages and fake accounts, in addition to phishing emails, to steal users’ information. The criminals’ main targets are YouTube content creators with large subscriber counts.

Some of the tools Google observed during the incident are Vidar, Nexus stealer, Vikro Stealer, Kantal, Grand Stealer, RedLine, and many more. The open-source tools Sorano and AdamantiumThief were also observed during the attacks.

Once the malware is running on a victim’s system, the hackers can harvest the user’s data. Through the cookie-stealing malware they can also take over the victim’s session cookies, which lets them act as the logged-in user without entering a password or completing MFA.

According to TAG Security Engineer Ashley Shen, the technique itself has been around for many years; it is the wider adoption of multi-factor authentication (MFA) that has pushed attackers toward social engineering as their way in.

Shen added that the cookie-stealing malware can steal both a user’s cookies and passwords, particularly for YouTube. The team also saw anti-sandboxing methods in the recent attacks, such as download IP cloaking, enlarged files, and encrypted archives.
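Because a pass-the-cookie attack presents a valid, already-MFA-verified session cookie, a password or MFA check alone does not catch it. One defensive approach is to bind each session to the client context that completed MFA and flag the same cookie turning up from a different client. The following is an added illustration, not Google’s code or anything described in the article; the session store, log format and sample entries are all constructed for the example.

```python
# Added example (not from the article): server-side session binding to spot a
# stolen cookie being replayed from a client other than the one that logged in.
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user: str
    ip: str
    user_agent: str
    mfa_verified: bool


def bind_session(store, sid, user, ip, user_agent, mfa_verified):
    """Record the client context present when the session cookie was issued."""
    store[sid] = Session(user, ip, user_agent, mfa_verified)


def check_request(store, sid, ip, user_agent):
    """Classify a request that carries cookie `sid`.

    'unknown'  - cookie was never issued by this server
    'no_mfa'   - session exists but never completed MFA
    'mismatch' - same cookie, different client: possible pass-the-cookie replay
    'ok'       - client context matches the MFA-verified login
    Strict IP+UA matching is a simplification; a real deployment would use
    softer signals (ASN, geo, device fingerprint) to limit false positives.
    """
    s = store.get(sid)
    if s is None:
        return "unknown"
    if not s.mfa_verified:
        return "no_mfa"
    if s.ip != ip or s.user_agent != user_agent:
        return "mismatch"
    return "ok"


def replay_log(lines):
    """Run constructed log lines through the check and return the findings.
    Line formats: 'LOGIN sid user ip ua mfa=yes|no' and 'REQ sid ip ua'."""
    store, findings = {}, []
    for line in lines:
        parts = line.split()
        if parts[0] == "LOGIN":
            _, sid, user, ip, ua, mfa = parts
            bind_session(store, sid, user, ip, ua, mfa == "mfa=yes")
        elif parts[0] == "REQ":
            _, sid, ip, ua = parts
            verdict = check_request(store, sid, ip, ua)
            if verdict != "ok":
                findings.append((sid, verdict, ip))
    return findings


# Constructed sample log: s1 completes MFA, then its cookie reappears from a
# different IP and browser, which is exactly what a replayed stolen cookie looks like.
SAMPLE_LOG = [
    "LOGIN s1 creator@example.com 203.0.113.10 Chrome/95 mfa=yes",
    "REQ s1 203.0.113.10 Chrome/95",
    "REQ s1 198.51.100.7 Firefox/93",
    "LOGIN s2 other@example.com 203.0.113.20 Chrome/95 mfa=no",
    "REQ s2 203.0.113.20 Chrome/95",
    "REQ s9 203.0.113.30 Chrome/95",
]

if __name__ == "__main__":
    for finding in replay_log(SAMPLE_LOG):
        print(finding)
```

Running the block prints one finding per anomalous request; the `mismatch` verdict for `s1` is the signal that a defender would route to session revocation and re-authentication.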

Google Detects At Least 1,011 Domains and 15,000 Actor Accounts

The Google security team not only identified the attackers on the Russian forums but also counted the number of threat…
