Cookie Theft: Phishing Campaign Targets YouTube Creators

The number of video content creators on every social media platform, YouTube included, surged during the pandemic.

The rate of cyber incidents has also increased in tandem with this surge in the number of YouTubers.

Google has reported a new phishing campaign that delivers cookie-theft malware and primarily targets YouTube content creators.

Since 2019, a network of hackers has been luring YouTube creators with fake collaboration offers, hijacking their channels, and then either using the channels to broadcast cryptocurrency scams or selling them to the highest bidder.

Cookie theft, also known as the “pass-the-cookie attack,” is a session hijacking tactic that gives an attacker access to accounts whose session cookies are stored in the victim’s browser.

It occurs when the attacker obtains the victim’s session ID and presents that cookie as their own, often over the same network.

The two common methods to execute this attack are:

  1. By tricking a user into clicking a malicious link with a pre-set session ID

  2. By stealing the current session cookie

According to reports, the most common form of cookie theft occurs when a person accesses a secure website over an unprotected public Wi-Fi connection.

Even when the login credentials themselves are encrypted in transit, an attacker who can capture the session ID and the data being transferred can hijack the session.
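As an added illustration of the two methods listed above and of the in-transit theft described here (example code written for this article, not Google's or YouTube's code): a hypothetical server-side session store that only honours session IDs it issued itself and rotates the ID at login, so an ID pre-set through a malicious link never becomes an authenticated session; that invalidates sessions on logout and expiry, which limits how long a copied cookie stays useful; and a Set-Cookie builder that marks the cookie Secure, HttpOnly and SameSite so the browser never sends it over an unencrypted connection such as an open Wi-Fi hotspot. The names SessionStore, session_cookie, SESSION_TTL_SECONDS and the one-hour lifetime are assumptions for the example.

```python
import secrets
import time
from dataclasses import dataclass, field
from http.cookies import SimpleCookie
from typing import Dict, Optional

# Assumption: one-hour lifetime. A shorter window shrinks the time a stolen cookie can be replayed.
SESSION_TTL_SECONDS = 3600


@dataclass
class Session:
    user: Optional[str] = None                      # None until the visitor authenticates
    created: float = field(default_factory=time.time)


class SessionStore:
    """Hypothetical server-side session store used to illustrate the mitigations."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _new_id() -> str:
        # 256 bits from the OS CSPRNG: an attacker cannot guess a valid ID or pre-choose one
        return secrets.token_urlsafe(32)

    def start_anonymous(self) -> str:
        sid = self._new_id()
        self._sessions[sid] = Session()
        return sid

    def lookup(self, sid: Optional[str]) -> Optional[Session]:
        """Resolve a presented ID. Only IDs this server issued, and that have not expired, are honoured."""
        if sid is None:
            return None
        session = self._sessions.get(sid)
        if session is None:
            return None                              # unknown ID, e.g. one injected through a link
        if time.time() - session.created > SESSION_TTL_SECONDS:
            del self._sessions[sid]                  # expired: useless to whoever copied the cookie
            return None
        return session

    def login(self, presented_sid: Optional[str], user: str) -> str:
        """Authenticate and rotate the session ID.

        Whatever ID the client presented (server-issued or attacker-chosen) is discarded and a
        fresh one is bound to the user, so nobody who knew the old ID can ride the new session.
        """
        if presented_sid in self._sessions:
            del self._sessions[presented_sid]
        new_sid = self._new_id()
        self._sessions[new_sid] = Session(user=user)
        return new_sid

    def logout(self, sid: str) -> None:
        """Invalidate server-side so a copied cookie stops working immediately."""
        self._sessions.pop(sid, None)


def session_cookie(sid: str, max_age: int = SESSION_TTL_SECONDS) -> str:
    """Return the Set-Cookie value with the attributes that limit theft in transit and via scripts."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    morsel = cookie["sid"]
    morsel["secure"] = True        # never sent over plain HTTP, so it cannot be sniffed on open Wi-Fi
    morsel["httponly"] = True      # not readable by page scripts
    morsel["samesite"] = "Lax"     # not attached to cross-site requests
    morsel["path"] = "/"
    morsel["max-age"] = max_age
    return cookie.output(header="").strip()


def fixation_attempt_fails(store: SessionStore, attacker_chosen_sid: str, user: str) -> bool:
    """Method 1 from the article: the victim logs in while carrying an ID the attacker already knows.

    True when the attacker-chosen ID is never a valid session and the victim got a fresh, unrelated one.
    """
    victim_sid = store.login(attacker_chosen_sid, user)
    victim_session = store.lookup(victim_sid)
    return (
        victim_sid != attacker_chosen_sid
        and store.lookup(attacker_chosen_sid) is None
        and victim_session is not None
        and victim_session.user == user
    )


def stolen_cookie_dies_on_logout(store: SessionStore, user: str) -> bool:
    """Method 2 from the article: a copied cookie works only while the server still knows the session."""
    sid = store.login(None, user)
    stolen_copy = sid                                # the cookie value an attacker managed to copy
    worked_before = store.lookup(stolen_copy) is not None
    store.logout(sid)                                # the creator logs out (or the site force-expires it)
    return worked_before and store.lookup(stolen_copy) is None


if __name__ == "__main__":
    store = SessionStore()
    print("pre-set ID defeated:", fixation_attempt_fails(store, "attacker-chosen-id", "creator"))
    print("stolen copy dies on logout:", stolen_cookie_dies_on_logout(store, "creator"))
    print("cookie header:", session_cookie("example-session-id"))
```

The rotation in login is the part that matters against a link-supplied session ID: the server never promotes an ID it did not issue, and even a genuinely issued anonymous ID is replaced the moment the user authenticates. The cookie attributes do not stop malware that reads the cookie store directly from the disk, which is what the campaign described below does; for that, the expiry and logout paths are what bound the damage.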

How do YouTube creators get targeted?

Most YouTube video content creators publish an email address for business inquiries.

The attackers use this address to send forged business emails that imitate an existing organization and solicit participation in a video commercial. They also send a personalized email introducing the company and its products to the selected address.

Once the target agrees to the offer, a malware landing page disguised as a software download URL is provided via email.

When the user follows the link, crafted malware-infected files are delivered and the malware collects the login cookies for the user’s YouTube channel. The attackers also encrypt the delivered files, making it harder for the user to recognize their intent. With the stolen cookies they can take over the user’s YouTube account and channels without ever knowing the username or password.

According to researchers, the attackers have already used over 1,011 different domains tied to bogus firms, each set up for a particular pretext, to deliver malware.

Some of these websites impersonated legitimate software sites, including Luminar, Cisco VPN, and Steam games.

You can avoid becoming a target of cookie theft by taking measures such as:

  1. Paying attention to the malware detections and warnings raised by your antivirus software

  2. Avoiding suspicious links or messages

  3. Scanning software for viruses before installing it

  4. Enabling “Enhanced safe browsing protection” mode in your Chrome browser

  5. Enabling 2-step verification on your accounts

  6. Being wary of encrypted archives, whose contents cannot be inspected by a scanner
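Item 6 and the encrypted files mentioned earlier are easy to check for on a downloaded archive before anything is extracted. The following is an added example written for this article, not code from Google or from the campaign research: it lists the members of a ZIP file and reports which ones carry the encryption bit of the general-purpose flag, and shows that such a member cannot be opened (and therefore cannot be scanned) without the password. Because Python's zipfile module cannot write encrypted archives, the sample archive is a constructed fixture in which the flag bit is patched on one member; the function and member names are assumptions.

```python
import io
import struct
import zipfile
from typing import List, Tuple

LOCAL_HEADER_SIG = b"PK\x03\x04"      # local file header
CENTRAL_HEADER_SIG = b"PK\x01\x02"    # central directory entry
FLAG_ENCRYPTED = 0x0001               # bit 0 of the general-purpose flag


def inspect_archive(zip_bytes: bytes) -> List[Tuple[str, bool]]:
    """Return (member name, is_encrypted) for every entry without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(info.filename, bool(info.flag_bits & FLAG_ENCRYPTED)) for info in zf.infolist()]


def has_encrypted_member(zip_bytes: bytes) -> bool:
    """True if any member is encrypted: the archive should be treated as unscanned content."""
    return any(encrypted for _, encrypted in inspect_archive(zip_bytes))


def requires_password(zip_bytes: bytes, member: str) -> bool:
    """Try to read a member the way a scanner would; encrypted members raise without a password."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        try:
            zf.read(member)
            return False
        except RuntimeError:           # "File ... is encrypted, password required for extraction"
            return True


def _mark_encrypted(zip_bytes: bytes, member: str) -> bytes:
    """Constructed fixture helper: set the encryption flag on one member's local and central headers.

    The payload bytes are left as-is (only the flag changes), which is enough to exercise the checks.
    """
    buf = bytearray(zip_bytes)
    wanted = member.encode()
    # (signature, offset of flags, offset of name length, offset of name) per header type
    for sig, flag_off, len_off, name_off in (
        (LOCAL_HEADER_SIG, 6, 26, 30),
        (CENTRAL_HEADER_SIG, 8, 28, 46),
    ):
        pos = buf.find(sig)
        while pos != -1:
            (name_len,) = struct.unpack_from("<H", buf, pos + len_off)
            if bytes(buf[pos + name_off: pos + name_off + name_len]) == wanted:
                buf[pos + flag_off] |= FLAG_ENCRYPTED
            pos = buf.find(sig, pos + len(sig))
    return bytes(buf)


def build_sample() -> bytes:
    """Constructed sample: a 'software download' archive with a readme and a flagged executable."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "Installation notes (constructed sample, no real content)")
        zf.writestr("setup.exe", b"MZ" + b"\x00" * 64)   # placeholder bytes, not a real program
    return _mark_encrypted(out.getvalue(), "setup.exe")


if __name__ == "__main__":
    sample = build_sample()
    for name, encrypted in inspect_archive(sample):
        print(f"{name}: {'ENCRYPTED, cannot be scanned' if encrypted else 'readable'}")
    print("archive needs a password to inspect:", has_encrypted_member(sample))
```

The useful property is that the flag lives in the headers, so a download can be triaged without opening any member: an archive that is password-protected, sent unsolicited, and claims to be an installer is exactly the shape of delivery the article describes.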

Meera Mathews
Front-end Developer
