YouTube is riddled with phishing and crypto scams, researchers from the search engine giant’s Threat Analysis Group (TAG) have recently discovered. Cybercriminals are using cookie-theft malware to hijack YouTube channels to promote phishing and scams, the researchers said. Google has linked the activities to a group found active on Russian forums. With the malware, hackers can access people’s passwords and even YouTube channel credentials.
Online games, anti-virus softwares, and photo-editing are some ways using which cybercriminals are approaching YouTube users to scam them, a report by TAG has revealed. Hackers have also been creating fake pages on social networking platforms to direct their victims to and make them click on infected links. Researchers further warned that these cybercriminals have been using breached YouTube channels for live streaming crypto content to scam investors.
“A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming. The channel name, profile picture, and content were all replaced with cryptocurrency branding to impersonate large tech or cryptocurrency exchange firms. The attacker live-streamed videos promising cryptocurrency giveaways in exchange for an initial contribution,” Ashley Shen from Google’s TAG wrote in the report.
Deeper analysis into the matter has revealed that hacked YouTube channels were trading within the range of $3 to $4,000. In July 2020, famous Indian YouTuber Ajay Nagar, who is known by the name of CarryMinati, had reported that one of his YouTube channels had been compromised and was showing questionable Bitcoin links to his followers.
Along with YouTube, crypto-scammers have also been misusing other platforms like WhatsApp and Twitter among others, to unlawfully extract benefits from unsuspecting crypto enthusiasts. Last year, the verified accounts of several well-known people including Barack Obama, Steve Wozniak, Kim Kardashian West and, Elon Musk were hacked by crypto-criminals, who posted infected Bitcoin links to lure their victims into a scam.
Amid the expansion of the crypto-culture on a global level, scammers have been trying to find more opportunities to use this development in their favour. Earlier in April, a report had revealed that the total crypto crime in 2020 has amounted to around $10.52 billion. Analyst firm Chainalysis in a recent report had also revealed that at least $815 million was sent in crypto to scam projects from Eastern European countries between July 2020 and June 2021.