Oops! It appears that you have disabled your Javascript. In order for you to see this page as it is meant to appear, we ask that you please re-enable your Javascript!

Coordinated campaign hijacks YouTube creator accounts

YouTube creators are having their accounts hijacked in what appears to be a coordinated campaign launched against the platform with hackers focusing on users from the auto-tuning and car review community.A number of high-profile accounts from the YouTube creators car community have already been targeted including Built, Troy Sowers, MaxtChekVids, PURE Function and Musafir.However, creators from other communities on the platform also reported having their accounts hijacked over the past few days.
Hackers target Office 365 business accountsMalvertising campaign infects popular YouTube to MP3 conversion siteHackers launch phishing attack disguised as DocuSign documentThe massive wave of account hijacks is the result of a coordinated campaign which used messages to lure users to phishing sites where hackers were able to obtain their credentials.
Bypassing two-factor authentication
After speaking with a YouTube channel owner that managed to recover their account, ZDNet gained a better idea of how these attacks likely occurred. First hackers used phishing emails to lure victims to fake Google login pages where they collected their account credentials, then they broke into their Google accounts, re-assigned popular channels to new owners and finally they changed the channel’s vanity URL to trick account owners into thinking their channels had been deleted.Some of the creators targeted by the campaign received individual emails while others said they had received email chains that included the addresses of multiple YouTube creators, often from the same community or niche.On creator whose channel is called Life of Palos confirmed that hackers were apple to bypass the two-factor authentication protecting his account. He believes those behind the campaign could have used a reverse proxy-based phishing toolkit called Modlishka which is used to intercept 2FA SMS codes. However, there are a number of reverse proxy-based phishing toolkits available on the dark web which could have been used instead.Those behind these account takeover attacks have not yet come forward and neither Google nor YouTube has issued a public response regarding the coordinated campaign.
We’ve also highlighted the best antivirus software of 2019Via ZDNet