YouTube ‘influencers’ lured with sponsorship deals end up getting accounts hacked: Google actively fighting ‘Session Cookies’ hijacking techniques that avoid 2FA triggers

YouTube Content Creators Phishing Attacks Session Cookies
YouTube Content Creators beware of attractive sponsorship deals. Pic credit: Rego Korosi/Flickr

YouTube publisher accounts of some very influential and high-ranking individuals continue to remain vulnerable. Google is trying hard to squash the increasing attempts of hijacking high-profile and influential YouTube accounts through phishing attacks and ‘Session Cookies’.

Google’s Threat Analysis Group is well aware of the continuous attempts by hackers, mostly operating in the cryptocurrency segment, to hijack YouTube accounts. The techniques employed by hijackers are surprisingly rudimentary, yet highly effective.

YouTube Account hijackers lure individuals with phishing scams:

Individual hackers, and even groups of malicious code writers, are after YouTube Content Creators. These hackers are after the YouTube accounts, explained Google in a detailed blog post.

Compromising social media accounts, and running massive cryptocurrency scams isn’t new. In fact, just last year, hackers successfully compromised several high-profile Twitter accounts.

During the same time, malicious code writers were also crafting phishing scams to lure content creators for YouTube. Google claims the persistence and creativity of groups targeting YouTube is concerning.

The search giant indicates nearly all attempts to gain control of a YouTube account by launching customized phishing attacks. Attackers send YouTube creators a carefully crafted email that seems to come from a real service that is looking for some promotion.

Essentially hackers attempt to lure YouTube content creators with an offer to collaborate with a lucrative pay-packet. Needless to mention, YouTube is rife with such deals: show a product and earn a fee. This is reportedly a bustling industry of influencer payouts.

Clicking any link within the email opens up multiple doors to malware-laden websites. Google claims it has found over 1,000 domains that hackers have custom-built solely to infect YouTube content creators. More than 15,000 emails accounts were also operating for the same purpose.

Hackers are targeting Session Cookies as they allow bypassing 2FA triggers?

The majority of the malware that Google discovered, actively goes after the cookies that browsers and websites store locally on the victim’s computer. These are “Session Cookies”, and they essentially confirm the user frequents the websites on that particular computer.

Such cookies are quite valuable to hackers because they can help successfully impersonate their victims. Session cookies can even avoid entering login information, as the websites treat the system as “trusted”, indicated Jason Polakis, a computer scientist at the University of Illinois, Chicago,

“Additional security mechanisms like two-factor authentication can present considerable obstacles to attackers. That renders browser cookies an extremely valuable resource for them, as they can avoid the additional security checks and defenses that are triggered during the login process.”

It is truly concerning that such a rudimentary method to hijack an account is still valid and useful. Companies such as Microsoft, Google, Facebook, and several others are improving their backend systems to spot such attempts. But YouTube content creators need to exercise a lot more caution while discussing potential sponsorship deals, warn some experts.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x