Since a minimum of 2019, hackers have been hijacking high-profile YouTube channels. Generally they broadcast cryptocurrency scams, typically they merely public sale off entry to the account. Now, Google has detailed the approach that hackers-for-hire used to compromise hundreds of YouTube creators in simply the previous couple of years.
Cryptocurrency scams and account takeovers themselves aren’t a rarity; look no additional than final fall’s Twitter hack for an instance of that chaos at scale. However the sustained assault in opposition to YouTube accounts stands out each for its breadth and for the strategies the hackers used, and an outdated maneuver that’s nonetheless extremely tough to defend in opposition to.
All of it begins with a phish. Attackers ship YouTube creators an electronic mail that seems to be from an actual service—like a VPN, photograph enhancing app, or antivirus providing—and supply to collaborate. They suggest a