High-profile YouTube creators targeted in a series of coordinated cyber attacks
YouTubers within the automotive and car reviewing community were hardest hit
Cyber criminals have targeted a number of YouTube creators over the past few days in order to take control of popular YouTube channels from their actual owners.
According to ZDNet, this new wave of attacks is massive and highly coordinated, with a primary focus on high-profile YouTubers within the automotive and car reviewing community. Some of the car community channels that have already been taken over by the attackers include PURE Function, Troy Sowers, Musafir, Built, and MaxtCheckVids.
"My personal YouTube account has been hacked & deleted (account name was PURE Function)," Ryan Scott, the owner of PURE Function, said on the Google Support Forum.
"This happened last night, and I am unable to see my channel anywhere or even log in to access it," Scott added.
"I tried logging in and had two-step authentication set up also."
The hackers used phishing to steal the credentials of YouTube channel owners. Many owners revealed that the hackers sent them emails that lured them to phishing sites, which looked like Google login pages. After owners entered their YouTube credentials, the attackers used the details to log in to their Google accounts and to reassign the channels to new owners.
They also changed the "vanity URL" of the channel, making it seem like the channel and the account have been deleted, although the channels are available for sale on some darknet forums.
The phishing emails that hackers use to lure potential targets are created so well that they can look genuine at first glance.
According to ZDNet, a main concern for creators is that hackers were able to bypass two-factor authentication on users' accounts. A victim said the cyber criminals might have used the reverse-proxy-based Modlishka phishing toolkit to carry out these attacks.
A hacker named Askamani told ZDNet that the people behind these attacks will have to quickly sell the stolen accounts to a new owner, as YouTube will soon recover all hijacked accounts and return them to their original owners.
Askamani is active on OGUsers, a darknet forum used by hackers to sell access to hacked accounts, including YouTube.
Askamani also said that a spike in complaints would mean someone got hold of a "real nice database," and they are now "getting a bang for their buck".