The number of video content creators has surged exponentially on every social media platform, including YouTube, during the pandemic.
The rate of cyber incidents has also increased in tandem with this surge in the number of YouTubers.
According to Google, a new phishing campaign using cookie theft malware has been discovered, which primarily targets YouTube content creators.
Since 2019, a network of hackers has been luring YouTube creators with collaboration opportunities and hijacking their channels, either to broadcast cryptocurrency scams or to sell the accounts to the highest bidder.
Cookie theft, also known as the “pass-the-cookie attack,” is a session hijacking tactic that gives an attacker access to user accounts which have stored session cookies in the browser.
It occurs when hackers steal the victim’s session ID and spoof the person’s cookie over the same network.
The two common methods to execute this attack are:
By tricking a user into clicking a malicious link with a pre-set session ID
By stealing the current session cookie
According to reports, the most common type of cookie theft occurs when a person accesses a secure website via an unprotected public Wi-Fi connection.
Even if the credentials are encrypted in transit, a hacker can steal the session ID and data being transferred and hijack the session.
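The following is an added example, not code from Google or from the original article. It sketches server-side defences against both methods listed above: a session ID that the client presents at login is never adopted, and a session cookie replayed from a different client is rejected and revoked. The `SessionStore` class, the `fingerprint` helper and the choice to bind a session to user agent plus IP address are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this example)


def fingerprint(user_agent: str, ip: str) -> str:
    """Keyed hash of the client traits a session is bound to (assumed binding policy)."""
    msg = f"{user_agent}|{ip}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class SessionStore:
    def __init__(self):
        self._sessions = {}  # session ID -> {"user": ..., "fp": ...}

    def login(self, user, user_agent, ip, presented_sid=None):
        # Fixation defence: never adopt an ID the client presented (it may have
        # been pre-set through a malicious link); drop it and issue a fresh one.
        self._sessions.pop(presented_sid, None)
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "fp": fingerprint(user_agent, ip)}
        return sid

    def validate(self, sid, user_agent, ip):
        session = self._sessions.get(sid)
        if session is None:
            return None
        # Theft defence: a cookie replayed from a different client fails the
        # binding check, and the session is revoked for every holder.
        if not hmac.compare_digest(session["fp"], fingerprint(user_agent, ip)):
            del self._sessions[sid]
            return None
        return session["user"]


def cookie_header(sid):
    # Secure keeps the cookie off plain-HTTP requests (open Wi-Fi sniffing),
    # HttpOnly hides it from page scripts, SameSite=Lax limits cross-site sends.
    return f"Set-Cookie: sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"
```

The cookie flags protect the cookie in transit and from page scripts, not from malware that reads the browser's cookie store on the victim's machine. In that case the server-side binding check is the control that still applies.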
The majority of YouTube video content creators have provided their email addresses for business prospects.
The attackers use this email address to send forged business emails that imitate an existing organization and solicit participation in a video commercial. They also send a personalized email that introduces the company and its offerings to the selected email address.
Once the target agrees to the offer, a malware landing page disguised as a software download URL is provided via email.
When a user clicks on the link, the attacker is able to deliver crafted malware-infected files and to obtain the user’s YouTube channel login cookies. The attackers encrypt the files, making it harder for the user to recognize their intentions. They can also take over the user’s YouTube account and channels even without the username or password.
According to researchers, the attackers have already used over 1,011 different domains, connected with bogus firms, for the specific purpose of delivering malware.
Some of these websites impersonated legitimate software sites such as Luminar, Cisco VPN, and Steam games.
You can avoid being the target of cookie thefts by taking measures such as:
Analyzing the malware detections and warnings from your antivirus software
Avoiding clicking on suspicious links or messages
Performing virus scanning before software installation
Enabling “Enhanced safe browsing protection” mode in your Chrome browser
Enabling 2-step verification on your accounts
Being aware of encrypted archives