IntSights experts have found that there has been an increase in interest in YouTube credentials on the dark web recently, and as a "side effect" it is stimulating data verification activities. More and more offers of this kind can be found on hacker forums and sites that trade in credentials.
It should be noted, however, that cybercriminals have long been interested in YouTube, as the site provides them with a new audience that can be used in a variety of ways, from fraud to advertising. In addition, cybercriminals often “hijack” popular channels from their legitimate owners, and then demand a ransom to return access.
Data on YouTube channels is mainly collected from computers infected with malware, as a result of phishing campaigns, and so on. After the stolen information is sorted into specific logins and passwords from certain services, and then sold on the black market.
The cost of the lists for sale with the taken into account data from YouTube channels is proportional to the number of their subscribers. Researchers give several examples. Thus, in one case, the price per channel with 200,000 subscribers started at $ 1,000 and increased in increments of $ 200.
In another case, researchers found an ad for an auction that sold data from 990,000 active channels and started at $ 1,500 (whoever pays $ 2,500 received a list without bargaining). Obviously, the seller hoped to make quick money by selling the data, as he feared that his victims would notice the compromise, contact support and regain access to their accounts.
Another set of 687 YouTube accounts, sorted by subscriber count, was put up for sale at an initial price of $ 400 (the price increased in $ 100 increments, and for $ 5,000 the "lot" could be withdrawn immediately).
IntSights specialists believe that hackers are most likely collecting material for such lists with credentials from YouTube channels, checking a database with stolen logins and passwords (in search of data from Google accounts) and data obtained from infected computers.
IntSights experts write that in the past, attackers have used sophisticated phishing campaigns and reverse proxy toolkits to trick Google's two-factor authentication. Now sellers rarely mention 2FA at all, and most likely, this indicates that the hijacked accounts were not protected by two-factor authentication.
Edition Bleeping Computer notes that users affected by the hacking and hijacking your account on YouTube, often complain that they were deceived to download malware. For example, the following complaints can be found on the Internet:
Another scam victim tells a similar story when the scammers pretended to be looking for people to collaborate with.
(c) xakep.ru
It should be noted, however, that cybercriminals have long been interested in YouTube, as the site provides them with a new audience that can be used in a variety of ways, from fraud to advertising. In addition, cybercriminals often “hijack” popular channels from their legitimate owners, and then demand a ransom to return access.
Data on YouTube channels is mainly collected from computers infected with malware, as a result of phishing campaigns, and so on. After the stolen information is sorted into specific logins and passwords from certain services, and then sold on the black market.
The cost of the lists for sale with the taken into account data from YouTube channels is proportional to the number of their subscribers. Researchers give several examples. Thus, in one case, the price per channel with 200,000 subscribers started at $ 1,000 and increased in increments of $ 200.
In another case, researchers found an ad for an auction that sold data from 990,000 active channels and started at $ 1,500 (whoever pays $ 2,500 received a list without bargaining). Obviously, the seller hoped to make quick money by selling the data, as he feared that his victims would notice the compromise, contact support and regain access to their accounts.
Another set of 687 YouTube accounts, sorted by subscriber count, was put up for sale at an initial price of $ 400 (the price increased in $ 100 increments, and for $ 5,000 the "lot" could be withdrawn immediately).
IntSights specialists believe that hackers are most likely collecting material for such lists with credentials from YouTube channels, checking a database with stolen logins and passwords (in search of data from Google accounts) and data obtained from infected computers.
IntSights experts write that in the past, attackers have used sophisticated phishing campaigns and reverse proxy toolkits to trick Google's two-factor authentication. Now sellers rarely mention 2FA at all, and most likely, this indicates that the hijacked accounts were not protected by two-factor authentication.
Edition Bleeping Computer notes that users affected by the hacking and hijacking your account on YouTube, often complain that they were deceived to download malware. For example, the following complaints can be found on the Internet:
Another scam victim tells a similar story when the scammers pretended to be looking for people to collaborate with.
(c) xakep.ru
