Google details extensive phishing campaign targeting YouTubers

Google put out a report detailing a phishing campaign directed at YouTubers, which involved around 15,000 fake accounts and over a million messages to targets. The phishing attempts were carried out by multiple hackers, and the company says it’s recovered around 4,000 accounts since late 2019. The attackers weren’t just trying to get the creators to put their password into a fake website, though — they were trying to infect their computer with malware that would steal their login cookies, which is a much more intensive attack than sending a link and waiting for someone to get sloppy with their passwords.

YouTube doesn’t publicly say who was recruiting the hackers, only that they were using Russian-language forums to advertise. The campaign’s focus on YouTube accounts, instead of traditional targets like government computer systems or banks, shows how valuable gaining access to influencers’ social accounts and audiences’ attention can be.

An example of the advertisements posted to forums trying to recruit hackers to phish YouTubers.
Image: Google

The hack generally worked like this: hackers reached out to the YouTubers, pretending to offer ad deals promoting a VPN, antivirus program, or other software on their channel. If the creator agreed, they got a link that, if clicked, would infect their computer using a variety of malware programs, usually designed to steal cookies and passwords.

Because of the prevalence of two-factor authentication (whether through prompts, codes, or hardware keys), the cookies may have been an especially valuable target — hackers were looking at the ones that websites use to store a user’s log-in session (these files are the reason you don’t have to re-enter your password every time you visit a site).

If the hackers got the YouTuber’s cookie (and were able to use it before it expired) they may have been able to take over the channel, and potentially even change passwords to lock the rightful owners out. Of course, since YouTube accounts are tied to Google accounts, these kinds of attacks also gave hackers access to Gmail, Google Drive, Photos, and other services that were tied to that account.

According to Google, after all that work, hackers were able to sell the accounts for anywhere from $3 to $4,000. While that feels relatively cheap to get a YouTube account with a good number of subscribers, the numbers may be so low because the hackers wanted to hang on to accounts that they thought could really pull in money — last year, tech leaker Jon Prosser told Motherboard that hackers were able to make $10,000 by livestreaming a scam on his channel, promising to double any Bitcoins viewers sent in.

This campaign, and ones like it, could be a motivating factor in why Google announced earlier this year that YouTube creators would be required to turn on two-step verification (which makes having both a password and something like a phone or security key a requirement for logging in), and why it’s giving away thousands of security keys to “high risk users” on an annual basis. They don’t stop hackers who’ve taken over your computer, but making the attacks more expensive might help slow them down.

Google’s also been fighting the hackers in other ways, blocking their emails and files, as well as warning users when they’re visiting a malicious website in Chrome. But given the value that creators’ accounts have, criminals probably won’t be dissuaded from trying to get them — like the scam comments that show up all across YouTube, ever-evolving phishing attacks will likely be a part of life online for the foreseeable future.

Repost: Original Source and Author Link

Tech News

Watch YouTubers figure out the best fat for frying chicken at home

If you’re in the mood for fried chicken but prefer to make your meals at home, Guga Foods has a new video that may improve your frying game. The YouTubers test multiple fats for frying chicken, including one that you probably wouldn’t consider when planning your next meal, concluding that the best fat comes from a different bird — and it’ll cost you a bit more than the alternatives.

If you’ve made fried foods at home, the odds are high that you’ve used a cheap, commonly available fat for the recipe: canola, vegetable, peanut, or similar cooking oil. This new video goes a different direction, testing three of the more ‘sophisticated’ fat options when it comes to making fried chicken at home: lard, wagyu, and duck fat.

All three fats are available in many stores, though you may have to visit a butcher shop to get the products depending on your location. Lard, which is made from pork fat, is the most commonly available and cheapest — but, according to Guga Foods, it doesn’t make the best fried chicken.

You may suspect that Wagyu fat, which comes from Japanese beef cattle, would win the test, but that’s not the case. Guga concludes that duck fat — the most expensive of the three — is, in fact, your best option for making the tastiest fried chicken at home.

Ultimately, all three fried chicken batches came out excellent and the one you prefer will come down to personal taste preferences. With that said, Guga Foods suggests that if you’ve never tried duck-fried chicken, you should give it a try to find out what you’ve been missing.

Repost: Original Source and Author Link