We all know that the Covid-19 related attacks are thoroughly dominating the current cyber threat scenario, but, now, stolen YouTube channel credentials are highly demanded in Dark Web Forum.
While analyzing this whole incident, the team of security researchers has encountered an uptick in demand for stolen credentials for prominent accounts on YouTube in very recent weeks, claimed the CSO of cyber-intelligence firm that is Insights, Etay Maor just after this current incident of YouTube.
Well, behind this type of threat, the main motive of the attacker is to get access to the account so that they can use them for spreading malware, and after that, they can easily launch fraud scams upon viewers. Not only that, even these types of compromised accounts could also be utilized by the attackers to blackmail the account proprietor.
However, regarding this threat, one of the undercover forums has already reported that more than 80% of illicit buyers have shown their desire to see more such credentials that are put up for sale simply by running a quick poll on their portal.
Moreover, here the attackers only target the big YouTube channels, as the smaller channels may not be that lucrative as compared to the bigger ones. As the bigger channels contain massive users and generate a good amount of revenue.
Therefore these vast number of big YouTube channels attract most of the illicit users in the auctions, and not only that, even they also agree to pay the high amount of money to gain access to the credentials of big YouTube channels.
Moreover, the security firm, Insights, has also cleared that the hackers planned auctions with nearly 680 accounts with a starting price of $400, and it attracts most of the users because almost every account has more than 40,000 subscribers.
More importantly, this auctions always held for only 24-hour, so if any new beginner or struggling YouTubers want to buy, then he/she has to decide it within 24-hour. Earlier hackers used to use complicated phishing campaigns in sequence with backward proxy toolkits like Modlishka to break Google’s two-step confirmation.
But nowadays, these hackers are cropping the account from the databases comprising Google credentials as well as from malware-infected computers.
But, not a single seller has mentioned about the 2FA; by this, we can say that the accounts that are mentioned by the hackers did not select for further additional steps.
The 2FA security mechanism is generally used because it comprehends the risk and verifies the type of phishing attacks that are practiced by the hackers.
Therefore the hackers did not mention the 2FA because it is one of the highly recommended additional security steps, and it also uses a recovery phone number or email so that it can proceed with its verification procedures.
So, what do you think about this? Share all your views and thoughts in the comment section below.