Google disrupts massive phishing and malware campaign

Google has blocked 1.6 million phishing emails since May 2021 that were part of a malware campaign to hijack YouTube accounts and promote cryptocurrency scams. 

According to Google’s Threat Analysis Group (TAG), since late 2019 it’s been disrupting phishing campaigns run by a network of Russian hacker subcontractors who’ve been targeting YouTubers with “highly customized” phishing emails and cookie-stealing malware. 


The main goal of the group has been to hijack YouTube accounts to live-stream scams that offer free cryptocurrency in exchange for an initial contribution. The group's other main revenue source was selling hijacked YouTube channels for between $3 and $4,000, depending on how many subscribers a channel has.


As of May this year, Google says it has blocked 1.6 million messages to targets, displayed 62,000 Safe Browsing phishing alerts, and restored around 4,000 hijacked accounts.   

The phishing emails delivered malware designed to steal session cookies from browsers. Though the “pass-the-cookie” attack is not new, it’s nifty: it doesn’t bypass multi-factor authentication (MFA), but works even when users enable MFA on an account because the session cookie is stolen after the user has
