May 11, 2025
DFRAC_ORG

Digital Forensics, Research and Analytics Center


Google finally tackles phishing scams that targeted YouTubers all around the world

DFRAC Editor October 24, 2021
Since 2019, YouTubers from all around the world have been targeted by phishing scams that made them lose control of their social media accounts. The hijacked accounts were subsequently sold online for very low prices.

Google's Threat Analysis Group (TAG) posted a report on the issue on October 20, 2021, finally attributing these hacks to a Russian-speaking group recruited on Russian-language forums. That is not to say that everyone in the group was Russian, since the forum was not geotagged.

Recruitment model for hackers as explained by the TAG report

The hackers usually targeted smaller YouTubers with below 100,000 followers so as not to draw too much attention to themselves. They approached the target as a sponsor of their videos; the supposed sponsors ranged from VPN providers to music gear, photo editors and many more.

In order to take up the sponsorship, the sponsee usually has to download the app on their phone and show their experience of it to their viewers. In this case, the apps that the YouTubers were made to download on their phones were laced with malware.

The hackers used RedLine, Vidar, Predator The Thief, Nexus stealer, Azorult, Raccoon, Grand Stealer, Vikro Stealer, Masad, and Kantal, all sold on underground hacking forums. Open-source malware available on GitHub, such as AdamantiumThief and Sorano, was also used in some attacks.

The malware then collected all the user login IDs and authentication cookies from the browser. The cookies were then used to access the YouTube account, and soon afterwards all login IDs and passwords were changed to lock the targets out of their own accounts.

Even two-factor authentication is bypassed this way, which is extremely dangerous. For two years, users have expressed their frustration over this, demanding more secure avenues for themselves.
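The takeover pattern described above (a stolen authentication cookie reused from another machine, followed quickly by credential changes) can be flagged from session logs. The sketch below is an added example, not code from Google or the TAG report; the event names, the 30-minute window and the sample log lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs):
# (timestamp, session id, client IP, user agent, action)
EVENTS = [
    ("2021-10-01T09:00:00", "sess-A", "198.51.100.7", "Chrome/94 Windows", "login_2fa_ok"),
    ("2021-10-01T09:05:00", "sess-A", "198.51.100.7", "Chrome/94 Windows", "upload_video"),
    ("2021-10-01T11:30:00", "sess-A", "203.0.113.44", "Chrome/93 Linux", "view_dashboard"),
    ("2021-10-01T11:34:00", "sess-A", "203.0.113.44", "Chrome/93 Linux", "change_password"),
    ("2021-10-01T11:35:00", "sess-A", "203.0.113.44", "Chrome/93 Linux", "change_recovery_email"),
    ("2021-10-02T08:00:00", "sess-B", "192.0.2.10", "Firefox/93 macOS", "login_2fa_ok"),
    ("2021-10-02T08:20:00", "sess-B", "192.0.2.10", "Firefox/93 macOS", "change_password"),
]

# Hypothetical action names for account-locking changes
SENSITIVE = {"change_password", "change_recovery_email", "disable_2fa"}
WINDOW = timedelta(minutes=30)  # assumed threshold, tune to your own traffic


def detect_cookie_replay(events, window=WINDOW):
    """Alert when a session cookie appears on a client (IP + user agent)
    other than the one that logged in, and that client makes a sensitive
    change within `window` of its first appearance."""
    origin = {}         # session id -> fingerprint that passed login/2FA
    first_foreign = {}  # session id -> time the cookie first appeared elsewhere
    alerts = []
    for ts, sid, ip, ua, action in sorted(events):
        when = datetime.fromisoformat(ts)
        fingerprint = (ip, ua)
        if action.startswith("login"):
            origin[sid] = fingerprint      # bind the session to this client
            first_foreign.pop(sid, None)
            continue
        if sid not in origin or fingerprint == origin[sid]:
            continue                       # unknown session or the owner's client
        seen = first_foreign.setdefault(sid, when)
        if action in SENSITIVE and when - seen <= window:
            alerts.append({"session": sid, "ip": ip, "action": action, "time": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_cookie_replay(EVENTS):
        print(alert)
```

The owner's own password change in `sess-B` raises no alert because it comes from the client that completed the login; only the reused cookie in `sess-A` does.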

The servers discovered to have been used to carry out these scams had 15,000 fake email accounts and over 1,000 websites that hosted the malware. Google also discovered that over 4,000 people have lost their accounts to this group over the last 2 years.

The accounts were not used for any grander purpose than to be sold off online for very little money. Some YouTubers even spotted their accounts being sold on websites.

Accounts being sold on a website

Some of the accounts were used to peddle cryptocurrency schemes that looked very suspicious to begin with. Several handles sought to impersonate Elon Musk and Bill Gates, amongst others, to peddle the fake schemes.

Even though accounts have been returned to their owners, Google has not been able to do the same for all of the accounts. However, having learnt all it could from these attacks, Google has updated some of its defensive systems and also added the Safe Browsing system to its software.
