Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels.
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on the ripped-off channels.
In a Wednesday post, Ashley Shen, with Google’s Threat Analysis Group (TAG), said that TAG attributes the assaults to a group of attackers recruited from a Russian-speaking forum. Since late 2019, they’ve been luring targets with fake collaboration come-ons, including requests to purchase ads on their targets’ channels.
(The collaboration pitch is similar to how [now-shuttered] Twitter accounts have been used to catfish security researchers by setting their traps with zero days and collaboration invitations.]
In order to elbow rightful channel owners out of the way, the attackers have been targeting YouTubers with cookie theft malware.
Cookie theft, which is also called session hijacking or pass-the-cookie attack, involves a crook inserting themself between a computer and a server in order to steal what’s known as