Date: 2021-10-24



According to a report published by Google’s Threat Analysis Group, Google has blocked 1.6 million phishing emails since May 2021. These emails are reported to be part of a malware campaign aimed at stealing YouTube accounts and promoting cryptocurrency schemes.

Google has reduced the amount of related phishing emails on Gmail by 99.6%, according to details revealed by Google’s Threat Analysis Group in collaboration with the YouTube, Gmail, Trust and Safety, CyberCrime Investigation Group, and Safe Browsing teams.

“We blocked 1.6 million messages to targets, displayed 62K Safe Browsing phishing page warnings, blocked 2.4K files, and successfully restored 4K accounts,” Google said in a blog post.

According to the report, the people behind it were involved in the spread of disinformation campaigns, government-sponsored hacking, and financially motivated abuse.

“Since late 2019, our team has been thwarting financially motivated phishing campaigns that target YouTubers with cookie theft malware,” the company said.

“The actors behind this campaign, attributed to a group of hackers hired in Russian-speaking forums, lure their targets with fake collaboration opportunities (usually demos for antivirus software, VPNs, music players, photo editing, or online games), hijack their channel, and sell it to the highest bidder or use it to broadcast cryptocurrency scams.”

In the blog post, the company also shared examples of the various tactics, techniques, and procedures (TTPs) used to lure users. In addition, Google has provided guidance on how users can further protect themselves.

Cookie theft, also known as a “pass-the-cookie attack,” is a session hijacking technique that lets attackers use session cookies stored in a victim’s browser to access the victim’s accounts.

The hijacking technique has been around for decades, but it has resurged as a top security threat, probably because wider adoption of multi-factor authentication (MFA) has made abuse more difficult and shifted attackers’ focus to social engineering tactics.
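How a replayed session cookie looks from the server side, as an added example that is not taken from Google's report: the log format, event names, session IDs and addresses below are constructed for illustration. The session cookie is issued after the MFA check has passed, so the detectable signal is a request that carries it from a client that never logged in with that session.

```python
from collections import namedtuple

# Constructed sample log: timestamp, session id, event, client IP, user agent.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation-only address ranges.
SAMPLE_LOG = """\
2021-10-20T09:00:01Z s-aaa login_mfa_ok 192.0.2.10 Chrome/94 Windows
2021-10-20T09:05:12Z s-aaa request 192.0.2.10 Chrome/94 Windows
2021-10-20T09:06:40Z s-bbb login_mfa_ok 192.0.2.77 Firefox/93 Linux
2021-10-20T09:30:03Z s-aaa request 198.51.100.23 Chrome/90 Linux
2021-10-20T09:31:00Z s-bbb request 192.0.2.77 Firefox/93 Linux
2021-10-20T09:31:30Z s-aaa request 192.0.2.10 Chrome/94 Windows
"""

Event = namedtuple("Event", "ts session kind ip agent")


def parse(log):
    """Yield one Event per non-empty line of the (hypothetical) log format."""
    for line in log.splitlines():
        if line.strip():
            # The user agent may contain spaces, so split only the first 4 fields.
            yield Event(*line.split(" ", 4))


def find_replayed_sessions(log):
    """Return (ts, session, ip, agent) for requests from an unbound client."""
    bound = {}    # session id -> set of (ip, agent) pairs that passed login + MFA
    alerts = []
    for ev in parse(log):
        client = (ev.ip, ev.agent)
        if ev.kind == "login_mfa_ok":
            bound.setdefault(ev.session, set()).add(client)
        elif client not in bound.get(ev.session, set()):
            # Valid cookie, but this client never authenticated with it.
            # A session with no recorded login at all is flagged as well.
            alerts.append((ev.ts, ev.session, ev.ip, ev.agent))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print("possible cookie replay:", *alert)
```

Legitimate clients also change IP address or update their browser, so a mismatch is better treated as a trigger for re-authentication than as proof of compromise.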

