Google Disrupted Massive Phishing Campaign Targeting YouTubers


Phishing is one of the most common forms of cyberattack, yet it is difficult to defeat. Such attacks trick unsuspecting victims into handing over valuable information. The attackers usually pretend to be representatives of a trusted entity and lure their targets with fake collaboration opportunities. It appears YouTube creators are among the most vulnerable targets for phishing attacks. Google has just detailed a massive phishing campaign targeting YouTubers.

According to Google’s Threat Analysis Group (TAG), attackers use the tried and tested social engineering tactics to trick YouTubers. They send an email pretending to be from a legitimate organization or company to their targets, offering bogus business opportunities. The attackers often offer a handsome deal to the victims for short advertisements in their YouTube videos. The company has so far identified 15,000 fake accounts used to send such phishing emails.

Once the target agrees to the deal, the attackers trick them into downloading Cookie Theft malware onto their computer using fake software landing pages or social media accounts. Google’s TAG team has identified at least 1,011 domains used to distribute the malware to date.


When the victim runs the fake software, attackers are able to steal their login cookies and hijack their accounts. Google says the hijacked channels are either sold to the highest bidder or used to broadcast cryptocurrency scams. Depending on the number of subscribers, the channels sell for up to $4,000.

Google has disrupted several phishing attacks targeting YouTubers recently

Google’s TAG team has disrupted several such “financially motivated” phishing attacks directed at YouTubers over the past couple of years. Since May this year, the company has blocked 1.6 million phishing emails, displayed around 62,000 phishing alerts, blocked 2,400 files, and successfully restored 4,000 hijacked YouTube accounts.

In collaboration with “YouTube, Gmail, Trust & Safety, CyberCrime Investigation Group, and Safe Browsing teams,” Google has also decreased the volume of phishing emails on Gmail by 99.6 percent during this period. But attackers are now using other email providers such as email.cz, seznam.cz, post.cz, and aol.com to send phishing emails. They are also driving victims to instant messaging apps like WhatsApp, Telegram, and Discord for further communications.


Google doesn’t reveal details about the attackers behind these phishing attacks. However, the company says the “hack-for-hire actors” were recruited in a Russian-speaking forum. Depending on the work, the actors get up to 70 percent of the revenue generated from the hijacked YouTube accounts.

Meanwhile, for improved security, Google will mandate 2-Step Verification for all monetizing YouTube creators starting November 1st. The company also advises users to be vigilant and verify the legitimacy of emails or files received from unknown sources.
