According to Google, YouTube influencers have been targeted with password-stealing malware in a phishing campaign allegedly conducted by Russian-speaking cybercriminals.
Security experts with Google’s Threat Analysis Group (TAG), who first noticed the operation in late 2019, say the company has been disrupting the phishing campaigns ever since. According to them, the YouTube creators have been targeted with “highly customized” phishing emails and cookie-stealing malware.
To infect YouTubers with information-stealing malware, the attackers used social engineering tactics (bogus software landing pages and social media pages) together with phishing emails.
As reported by BleepingComputer, the hackers used a variety of information-stealing malware families, many of them publicly available on GitHub. These included RedLine, Vidar, Predator The Thief, Nexus Stealer, Azorult, Raccoon, Grand Stealer, Vikro Stealer, Masad, and Kantal, as well as open-source malware such as AdamantiumThief and Sorano.
Once installed on the victim’s network, the malware was used to steal login credentials and browser cookies, enabling the hackers to hijack accounts through pass-the-cookie techniques.
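To illustrate one server-side mitigation for the pass-the-cookie technique described above, here is an added example (not code from Google, TAG or the article) that binds a session cookie to the client context present when MFA was completed, so a cookie copied off an infected machine and replayed elsewhere is flagged and revoked. The in-memory session store, the user-agent plus /24 fingerprint heuristic and the sample values are all constructed assumptions for illustration.

```python
"""Added example: bind a post-MFA session cookie to a coarse client context so
a replayed (stolen) cookie is detected and revoked instead of silently granting
access. Not the platform's real logic; names and values are constructed."""
import hashlib
import ipaddress
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    fingerprint: str          # hash of user agent + /24 network at MFA time
    mfa_verified: bool = True
    revoked: bool = False
    anomalies: list = field(default_factory=list)


SESSIONS: dict[str, Session] = {}   # stand-in for a real session store


def fingerprint(user_agent: str, ip: str) -> str:
    """Coarse client context: exact user agent plus the client's /24 network.
    The /24 tolerates ordinary address churn while still catching a cookie
    replayed from an unrelated network (assumed heuristic)."""
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return hashlib.sha256(f"{user_agent}|{net}".encode()).hexdigest()


def issue_session(user: str, user_agent: str, ip: str) -> str:
    """Called after a successful MFA login; returns the cookie value."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = Session(user, fingerprint(user_agent, ip))
    return token


def validate_request(token: str, user_agent: str, ip: str) -> str:
    """Returns 'ok', 'unknown', 'revoked' or 'replay_suspected'.
    On a fingerprint mismatch the session is revoked, so the attacker's copy of
    the cookie stops working and the legitimate user must re-authenticate."""
    session = SESSIONS.get(token)
    if session is None:
        return "unknown"
    if session.revoked:
        return "revoked"
    if session.fingerprint != fingerprint(user_agent, ip):
        session.revoked = True
        session.anomalies.append({"ip": ip, "user_agent": user_agent})
        return "replay_suspected"
    return "ok"
```

A production deployment would log the recorded anomaly for the detection team and pair this with short session lifetimes, since fingerprint binding alone does not stop replay from the same network and browser.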
Ashley Shen, a TAG Security Engineer, declared:
While the technique has been around for decades, its resurgence as a top security risk could be due to a wider adoption of multi-factor authentication (MFA) making it difficult