Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts
Oct 21, 2021
Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder. That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting the video platform with cookie theft malware. The actors behind the infiltration have been attributed to a group of hackers recruited in a Russian-speaking forum. "Cookie Theft, also known as 'pass-the-cookie attack,' is a session hijacking technique that enables access to user accounts with session cookies stored in the browser," TAG's Ashley Shen said . "While the technique has been around for decades, its resurgence as a top security risk could be due to a wider adoption of multi-factor authentication (MFA) making it difficult to conduct abuse, and shif...
