Hackers target YouTube channels to spread bitcoin scams

Google indicates that a group of hackers recruited from a Russian-speaking forum has been targeting YouTubers for two years. Its objective? Take advantage of channels to spread bitcoin and other cryptocurrency scams.

YouTube channels are of great interest to some hackers. Here’s what Google’s Threat Analysis Group (TAG) reveals in a blog post on October 20. The entity that works to monitor disinformation campaigns, hacking and scam attempts indicates that YouTubers have been attacked for two years by a group of hackers recruited from a Russian-speaking forum.

When these hackers manage to seize a channel, specifies the Google Threat Analysis Group, “or they resell their access to the highest bidder, or they use it to spread scams in the field of cryptocurrencies. A problem that companies in the cryptocurrency sector are beginning to experience. Thus, at the end of 2020 on Twitter, the cryptocurrency exchange Gemini warned about the fact that two YouTube channels had been “hijacked by a hacker and disguised to look like the fake Gemini YouTube channels”, with the name of the company and its logo.

Bitcoin scams broadcast on hacked channels

Google confirms that this type of action is recurring. “A lot of pirated channels [par ce groupe de hackers] they are disguised to broadcast crypto scams live. ” Usually the channel name, profile picture and its content are replaced by elements that copy those of the accounts of the main cryptocurrency exchanges. The attackers will then transmit videos that give the possibility of multiplying their earnings in cryptocurrencies, after an initial contribution. “I have friends who have started commenting on my Facebook wall: ‘Manu, your delusion with bitcoins is weird,’ YouTuber Manutallurgy who had faced the problem a few months ago told Cyberwar. As soon as my friends warned me, I took care of it. I saw that there were 7 or 8 bitcoin videos. ”

To take over a YouTube channel, the hackers responsible for the campaign detected by Google offer the cameramen fake commercial collaborations. “Many YouTube creators leave an email address on their channel for trade associations. Therefore, attackers write to this address pretending to be an existing company and claiming to want to forge a video advertising association, ”explains Google’s Threat Analysis Group.

A Youtubeur camera // Source: CCO / Pixabay

Hackers usually pose as companies that edit software (VPN, antivirus, photo editing tool, etc.). If your target accepts the trade association, you send them a download link to promote your alleged software. But when they click the link, specialized malware runs. This malicious software retrieves cookies from the victim’s machine’s browser and often from their passwords as well.

A sophisticated attack campaign

Cyberguerre had been able to speak with several French YouTubers this summer, having faced this type of attack and we were surprised, at the time, by the degree of sophistication of this campaign. The association proposals were very well targeted and the exchanges were as personalized as they were credible, with the codes of the association environment and phrases in perfect English. “They even planned a list of forbidden words not to be used in the video,” said the creator of the channel Super Walker, who had also endured the brunt of this attack. Some of the malware used to steal YouTubers accounts was quite sophisticated. One of those that Cyberwar had been able to analyze at the time, for example, allowed connecting to an account without having to provide a password or double authentication code.

Note that if most of the channels hijacked by the group of hackers pointed out by Google were used to distribute crypto scams, Google specifies that a part of the access obtained was sold in markets specialized in this type of traffic. These hacked channels sell for between $ 3 and $ 4,000 depending on your number of subscribers.

Photo credit of the one:
Viktor Forgacs / Unsplash

About CyberGhost

CyberGhost, Cyberwarre’s exclusive advertiser, is a premium VPN provider at affordable prices. It has thousands of secure servers spread all over the world, allowing you to relocate your IP address and avoid geoblocks. CyberGhost does not keep any logs of user activity. Its VPN application is available on all operating systems and connected devices and is the easiest to access on the market.

Learn more about CyberGhost’s VPN solution

Share on social networks

Business Consulting Nulled, WeaPlay, Elementor Pro Weadown, PHP Script, Slider Revolution Nulled, Newspaper – News & WooCommerce WordPress Theme, Avada 7.4 Nulled, Fs Poster Plugin Nulled, Wpml Nulled, Elementor Pro Weadown, Flatsome Nulled,Woodmart Theme Nulled, Jannah Nulled, WordPress Theme, Astra Pro Nulled, Rank Math Seo Pro Weadown, Yoast Nulled, Dokan Pro Nulled, Nulledfire, Wordfence Premium Nulled, Woodmart Theme Nulled, Consulting 6.1.4 Nulled, Jnews 8.1.0 Nulled, Premium Addons for Elementor, Plugins, PW WooCommerce Gift Cards Pro Nulled, WP Reset Pro, Woocommerce Custom Product Ad, Newspaper 11.2

Back to top button