Google has blocked 1.6 million phishing emails since May 2021, according to a report published by Google’s Threat Analysis Group. The emails were reportedly part of a malware campaign aimed at stealing YouTube accounts and promoting cryptocurrency schemes.
Google reduced the volume of related phishing emails on Gmail by 99.6 per cent, as per details revealed by Google’s Threat Analysis Group, in collaboration with YouTube, Gmail, Trust and Safety, CyberCrime Investigation Group and Safe Browsing teams.
“We blocked 1.6M messages to targets, displayed 62K Safe Browsing phishing page warnings, blocked 2.4K files and successfully restored 4K accounts,” Google stated in a blog post.
Those responsible were involved in disinformation campaigns, government-backed hacking, and financially motivated abuse, according to the report.
“Since late 2019, our team has disrupted financially motivated phishing campaigns targeting YouTubers with Cookie Theft malware,” the company said.
“The actors behind this campaign, which we attribute to a group of hackers recruited in a Russian-speaking forum, lure their target with fake collaboration opportunities (typically a demo for anti-virus software, VPN, music players, photo editing or online games), hijack their channel, then either sell it to the highest bidder or use it to broadcast cryptocurrency scams,” it added.
In the blog post, the company also shared examples of the various tactics, techniques and procedures (TTPs) that were used to lure users, and provided guidance on how users can further protect themselves.
Cookie Theft, also known as a “pass-the-cookie attack,” is a session hijacking technique that gives hackers access to user accounts through session cookies stored in the browser.
While the hijacking technique has been around for decades, its comeback as a top security threat could be attributed to wider adoption of multi-factor authentication (MFA), which makes it difficult to conduct abuse and shifts attacker focus to social engineering tactics, the company said.