How hackers have hijacked thousands of high-profile YouTube accounts


Since at least 2019, hackers have been hijacking high-profile YouTube channels. Sometimes they broadcast cryptocurrency scams, sometimes they simply auction off access to the account. Google has now detailed the technique that hackers for hire have used to compromise thousands of YouTube creators in the last few years alone.

Cryptocurrency scams and account takeovers are not uncommon in themselves; look no further than last fall's Twitter hack for an example of that chaos at scale. But the sustained attack on YouTube accounts stands out both for its breadth and for the methods the hackers used, an old maneuver that is nonetheless extremely difficult to defend against.

It all starts with a phish. The attackers send YouTube creators an email that appears to come from a real service, such as a VPN, photo editing application or antivirus offering, and propose a collaboration. They offer a standard promotional arrangement: show our product to your viewers and we will pay you a fee. It's the kind of transaction that happens every day for YouTube's luminaries, a thriving payout industry.

However, clicking the link to download the product takes the creator to a malware site instead of the real product. In some cases, the hackers impersonated known quantities such as Cisco VPN and Steam games, or posed as media outlets focused on Covid-19. Google says it has so far discovered more than 1,000 domains that were created specifically to infect unwitting YouTubers. And that only hints at the scale. The company also found 15,000 email accounts linked to the attackers behind the scheme. The attacks do not appear to be the work of a single entity; rather, Google says, various hackers advertise account takeover services on Russian-language forums.

Once a YouTuber inadvertently downloads the malware, it grabs specific cookies from their browser. These session cookies confirm that the user has successfully logged in to their account. A hacker can upload the stolen cookies to a malicious server, allowing them to pose as the already authenticated victim. Session cookies are especially valuable to attackers because they eliminate the need to go through any part of the login process. Who needs credentials to sneak into the Death Star detention center when you can just borrow a stormtrooper's armor?

“Additional security mechanisms such as two-factor authentication can create significant barriers to attackers,” said Jason Polakis, a computer scientist at the University of Illinois at Chicago who studies cookie theft techniques. “This makes the browser’s cookies extremely valuable to them, as they can avoid the additional checks and security that are triggered during the login process.”

Such pass-the-cookie techniques have been around for more than a decade, but they are still effective. In these campaigns, Google says it has seen hackers use about a dozen different off-the-shelf and open source malware tools to steal browser cookies from victims' devices. Many of these hacking tools can also steal passwords.
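
A server-side check for the cookie replay described above, as an added example that is not from Google or the original article: it compares each request carrying a session cookie with the client that completed the login. The log format, field names and sample entries are constructed for illustration.

```python
"""Flag session cookies presented by a client other than the one that logged in."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    ts: int          # seconds since epoch
    session_id: str  # session cookie value (store only a hash in real logs)
    ip: str
    user_agent: str
    event: str       # "login" = password and 2FA passed, "request" = cookie only


# Constructed sample log (documentation IP ranges, invented session names).
SAMPLE_LOG = [
    Request(1000, "sess-A", "198.51.100.7", "Chrome/94 Windows", "login"),
    Request(1060, "sess-A", "198.51.100.7", "Chrome/94 Windows", "request"),
    Request(1100, "sess-B", "203.0.113.20", "Firefox/93 Linux", "login"),
    Request(1400, "sess-A", "192.0.2.55", "Chrome/94 Linux", "request"),
    Request(1500, "sess-B", "203.0.113.20", "Firefox/93 Linux", "request"),
    Request(1600, "sess-C", "192.0.2.55", "Chrome/94 Linux", "request"),
]


def find_replayed_sessions(log):
    """Return (session_id, reason, ip) for cookies used outside their login context."""
    bound = {}   # session_id -> (ip, user_agent) recorded when the login succeeded
    alerts = []
    for req in sorted(log, key=lambda r: r.ts):
        context = (req.ip, req.user_agent)
        if req.event == "login":
            bound[req.session_id] = context
        elif req.session_id not in bound:
            # Cookie appears with no login in the log window.
            alerts.append((req.session_id, "no login observed", req.ip))
        elif bound[req.session_id] != context:
            # Same cookie, different client: the login checks were never repeated.
            alerts.append((req.session_id, "client changed since login", req.ip))
    return alerts


if __name__ == "__main__":
    for session_id, reason, ip in find_replayed_sessions(SAMPLE_LOG):
        print(f"ALERT {session_id}: {reason} (from {ip})")
```

Because IP addresses and browser versions also change for legitimate reasons, a mismatch is better treated as a trigger for re-authentication than as proof of theft.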

“Account hijacking attacks remain a widespread threat because attackers can use compromised accounts in many ways,” Polakis said. “Attackers can use compromised email accounts to spread scams and phishing campaigns, or they can even use stolen session cookies to drain funds from a victim’s financial accounts.”
