Google quashed 1.6 mn cookie-theft phishing attacks targeting YouTubers

Google’s Threat Intelligence Group said that it has blocked about 1.6 million phishing emails since early 2019.

These were part of a malicious malware campaign run allegedly by recruits from a Russian-speaking hacker forum.  

The attackers lured victims through bait such as music players, online games, anti-virus software demos or free VPN. They then hijacked the systems and sold it in the dark web to the highest bidders.  

"With increased detection efforts, we have observed attackers shifting away from Gmail to other email providers (mostly email.cz, seznam.cz, post.cz and aol.com)," the blog post said.

The Threat Intelligence Group along with YouTube, Gmail, Trust and Safety, CyberCrime investigation Group and Safe Browsing teams, said that it had restored 4,000 accounts (indicating that the hackers infiltrated targets at least 4,000 times), and blocked 24,000 files, while displaying 62,000 safe browsing warnings on potential phishing sites. 

Phishing is the method of sending fraudulent emails purporting to be from reputable companies.  

The major malware in question are Cookie theft Malware (Malware that steals a browser’s cookie files), which Google said it has been mitigating since late 2019.  

“While the(Cookie theft) technique has been around for decades, its resurgence as a top security risk could be due to a wider adoption of multi-factor authentication (MFA) making it difficult to conduct abuse, and shifting attacker focus to social engineering tactics,” said Google in the blog post.  

An example of how it targets users is through first collecting email addresses shown publically by YouTube creators.

The attackers send fraudulent business emails requesting for a video advertisement collaboration.  

After initially winning the confidence of the victim, a malware landing page disguised as a download URL or PDF on Google was sent to the victim.

“Around 15,000 actor accounts were identified, most of which were created for this campaign specifically,” Google said.