How hackers hijacked YouTube account to place cryptocurrency scam ads

Google’s Threat Analysis Team Shared details about long-term phishing campaigns targeting YouTube users. The activity was apparently carried out by hackers recruited in Russian forums, using “fake cooperation opportunities” to attract YouTube users, and then using “pass cookie attacks” to hijack their channels, with the goal of selling them or using it to broadcast-of course Yes-cryptocurrency scam.

The attack started with a phishing email offering promotional cooperation. After the deal is concluded, the YouTuber will receive a link to a malware page disguised as a download URL. This is where the real action begins: when the target runs the software, it extracts cookies from their PC and uploads them to a “command and control server” operated by a hacker.