According to a report published by Google’s Threat Analysis Group, Google has blocked over 1.6 million phishing emails since May 2021.
The volume of related phishing emails on Gmail has fallen by 99.6%, according to data released by Google’s Threat Analysis Group in collaboration with the Trust and Safety, YouTube, Gmail, CyberCrime Investigation Group, and Safe Browsing teams. The emails were reportedly part of a malware campaign aimed at hijacking YouTube accounts and pushing cryptocurrency scams.
Google said in a blog post, “We blocked 1.6M messages to targets, displayed 62K Safe Browsing phishing page warnings, blocked 2.4K files, and successfully restored 4K accounts.”
“Since late 2019, our team has disrupted financially motivated phishing campaigns targeting YouTubers with Cookie Theft malware,” the company said.
“The actors behind this campaign, which we attribute to a group of hackers recruited in a Russian-speaking forum, lure their target with fake collaboration opportunities (typically a demo for anti-virus software, VPN, music players, photo editing, or online games), hijack their channel, then either sell it to the highest bidder or use it to broadcast cryptocurrency scams,” it added.
These are the same people responsible for spreading disinformation operations, government-backed hacking, and financially motivated abuse.
In the blog post, the company also provided examples of the tactics, techniques, and procedures (TTPs) used to lure targets. Google also published guidance on how users can strengthen their security.
Cookie Theft, often known as a “pass-the-cookie attack,” is a session hijacking technique in which hackers get access to user accounts using session cookies saved in the browser.
Although the hijacking technique has been around for decades, the company believes that its resurgence as a top security concern is due to the widespread adoption of multi-factor authentication (MFA), which makes abuse more difficult and shifts attackers’ attention to social engineering approaches.
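Why MFA does not stop a replayed session cookie, and one server-side mitigation, shown as an added example that is not taken from Google's report. The session table, the function names and the binding to User-Agent plus IPv4 /24 are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret and in-memory session table for this example.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {}  # session_id -> {"user": ..., "binding": ...}


def client_binding(user_agent: str, ip: str) -> str:
    """HMAC over coarse client context: User-Agent plus the /24 of the IPv4 address."""
    network = ".".join(ip.split(".")[:3])
    msg = f"{user_agent}|{network}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def login(user: str, mfa_ok: bool, user_agent: str, ip: str):
    """Issue a session cookie only after MFA succeeded; record the client binding."""
    if not mfa_ok:
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "binding": client_binding(user_agent, ip)}
    return sid


def check_unbound(sid: str):
    """Weak check: the cookie alone proves identity, so MFA is never asked again."""
    session = SESSIONS.get(sid)
    return session["user"] if session else None


def check_bound(sid: str, user_agent: str, ip: str):
    """Hardened check: a cookie presented from a different client context is
    treated as a replay; the session is revoked and re-authentication is required."""
    session = SESSIONS.get(sid)
    if session is None:
        return None
    presented = client_binding(user_agent, ip)
    if not hmac.compare_digest(session["binding"], presented):
        del SESSIONS[sid]  # revoke so the copied cookie stops working everywhere
        return None
    return session["user"]
```

Client-context binding is a heuristic: legitimate users change networks, so in practice a mismatch usually triggers re-authentication and an alert instead of a silent failure.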