Even with two-factor authentication (2FA) enabled, Google accounts are being successfully infiltrated by hackers, leaving users locked out and seeking help on various support forums. The attackers, often associated with cryptocurrency scams involving Ripple’s XRP, change passwords, phone numbers, and 2FA details in the account settings to prevent recovery.
Victims of these attacks have reported being unable to regain access to their accounts even with 2FA enabled. The common scam involves promising XRP refunds through fake Ripple accounts, with compromised YouTube channels using deepfake videos to add authenticity.
The attackers are not breaking 2FA itself; they are bypassing it through session cookie hijacking. By obtaining the session cookies issued after a successful login, hackers can replay them to gain unauthorized access without needing a 2FA code.
Google has acknowledged the issue of session cookie hijacking and is continuously updating security measures to detect and block suspicious access. The company recommends users set up recovery factors and utilize security tools like passkeys and Google’s Security Checkup for enhanced protection.
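As an added illustration (not code from Google or from the original article), the sketch below shows what a replayed cookie looks like from the server side: a session passes 2FA on one client, then the same session ID is used from another client to change account settings. The event names, log fields and the network-prefix heuristic are assumptions made for the example, and the log entries are constructed.

```python
import ipaddress
from collections import namedtuple

# Account changes the article says attackers make once inside a session.
SENSITIVE = {"password_change", "recovery_phone_change", "2fa_change"}

Event = namedtuple("Event", "ts session_id action ip user_agent")

def client_context(ip, user_agent):
    """Coarse client fingerprint: network prefix plus user agent (assumed heuristic)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return (ipaddress.ip_network(f"{ip}/{prefix}", strict=False), user_agent)

def detect_replayed_sessions(events):
    """Flag session use from a context that never completed login + 2FA."""
    trusted = {}    # session_id -> contexts that passed login_2fa_ok
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        ctx = client_context(ev.ip, ev.user_agent)
        if ev.action == "login_2fa_ok":
            trusted.setdefault(ev.session_id, set()).add(ctx)
        elif ctx not in trusted.get(ev.session_id, set()):
            # Cookie presented by a client that never authenticated (this also
            # covers sessions with no login in the log window): block account
            # changes, ask for re-authentication otherwise.
            response = "block" if ev.action in SENSITIVE else "reauthenticate"
            findings.append((ev.session_id, ev.ts, ev.action, response))
    return findings

# Constructed sample log (documentation IP ranges, invented session ids).
SAMPLE_EVENTS = [
    Event(1000, "s1", "login_2fa_ok", "192.0.2.10", "Chrome/Windows"),
    Event(1060, "s1", "page_view", "192.0.2.10", "Chrome/Windows"),
    Event(1100, "s1", "page_view", "192.0.2.77", "Chrome/Windows"),  # same /24
    Event(5000, "s1", "page_view", "203.0.113.5", "Firefox/Linux"),
    Event(5030, "s1", "password_change", "203.0.113.5", "Firefox/Linux"),
    Event(5060, "s1", "2fa_change", "203.0.113.5", "Firefox/Linux"),
    Event(2000, "s2", "login_2fa_ok", "198.51.100.4", "Safari/macOS"),
    Event(2100, "s2", "recovery_phone_change", "198.51.100.4", "Safari/macOS"),
]

if __name__ == "__main__":
    for finding in detect_replayed_sessions(SAMPLE_EVENTS):
        print(finding)
```

A fingerprint this coarse will also flag legitimate users who switch networks or update their browser, which is why the non-sensitive case asks for re-authentication rather than ending the session.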
Additionally, YouTube users, especially gamers, are at risk of malware infections through pirated game-related content. Malicious links disguised as game downloads on compromised channels are distributing information-stealing malware targeting a young demographic.
Threat researchers have identified various malware strains, including Lumma Stealer and StealC, being spread through YouTube videos. The attackers use similar tactics to disable antivirus software and evade security measures, with compromised accounts posting malicious content to reach a wide audience.
Users are advised to be wary of channels showing significant gaps between video uploads, inconsistent content, or changes of language, and of suspicious links in video descriptions. YouTube has taken action to remove reported malicious content, but users must remain vigilant against these evolving threats.