Google users are facing a new wave of hacking attempts that bypass two-factor authentication (2FA) security measures, leaving victims locked out of their accounts. These hackers have been targeting accounts on Gmail and YouTube, changing passwords, phone numbers, and 2FA settings to prevent users from recovering their accounts. Many users have reported their accounts being compromised despite having 2FA protections in place and are unable to regain access.
The common factor in these hacking attempts appears to be related to a cryptocurrency scam involving Ripple’s XRP. Hackers are using compromised accounts to lure victims into cryptocurrency scams, promising to double the amount of XRP sent to fake Ripple management accounts. Ripple Labs has issued warnings about these scams and advises users to be cautious and avoid falling for these fraudulent schemes.
Hackers are able to bypass 2FA security through session cookie hijack attacks, which involve capturing session cookies containing login information. Because such a cookie represents a session that has already passed the 2FA check, attackers who obtain it can masquerade as the legitimate user and gain access to the account without needing a 2FA code. Google recognizes this issue and has implemented measures to detect and block suspicious access, and it provides an automated account recovery process for users who have been hacked.
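The following sketch shows how a service could flag a replayed session cookie and the account changes described above. It is an added example, not code from the article or from Google; the event fields, the action names and the two-octet network key are assumptions chosen for illustration, and the log events are constructed.

```python
# Added example: flag reuse of an authenticated session from a client that
# differs from the one that completed login, using constructed events.
from dataclasses import dataclass

# Hypothetical action names for the takeover steps described in the article.
SENSITIVE = {"change_password", "change_recovery_phone", "change_2fa"}

@dataclass(frozen=True)
class Event:
    ts: int          # seconds since start of sample
    session: str     # opaque session identifier (constructed)
    ip: str
    user_agent: str
    action: str      # "login_2fa_ok" marks the request that passed 2FA

def network(ip: str) -> str:
    """Coarse network key: first two octets (assumption; real systems use ASN/geo)."""
    return ".".join(ip.split(".")[:2])

def find_replayed_sessions(events):
    """Return alerts for sessions used from a client unlike the login client."""
    baseline = {}   # session -> (network, user_agent) seen at 2FA login
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        client = (network(ev.ip), ev.user_agent)
        if ev.action == "login_2fa_ok":
            baseline[ev.session] = client
            continue
        known = baseline.get(ev.session)
        if known is None or client == known:
            continue
        # Same cookie, different client: settings changes are the worst case.
        severity = "high" if ev.action in SENSITIVE else "medium"
        alerts.append((ev.session, ev.ts, ev.action, severity))
    return alerts

# Constructed sample: session s1 is replayed from another network and browser.
SAMPLE = [
    Event(0, "s1", "198.51.100.7", "Chrome/124 Windows", "login_2fa_ok"),
    Event(60, "s1", "198.51.100.9", "Chrome/124 Windows", "read_mail"),
    Event(900, "s1", "203.0.113.50", "Firefox/115 Linux", "read_mail"),
    Event(930, "s1", "203.0.113.50", "Firefox/115 Linux", "change_password"),
    Event(960, "s1", "203.0.113.50", "Firefox/115 Linux", "change_2fa"),
    Event(10, "s2", "192.0.2.20", "Safari/17 macOS", "login_2fa_ok"),
    Event(500, "s2", "192.0.2.21", "Safari/17 macOS", "change_password"),
]

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE):
        print(alert)
```

Session s2 produces no alert because its password change comes from the same network and browser that completed the 2FA login.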
Google has stated that users have up to 7 days to recover hacked accounts and encourages them to set up recovery factors for added security. It also recommends using security tools such as passkeys and Google’s Security Checkup to enhance account protection. Additionally, YouTube users, particularly those in the gaming community, need to be vigilant: researchers have uncovered malware being distributed through YouTube channels, targeting gamers with promises of free game downloads that instead deliver malware payloads.
Proofpoint researchers have identified various strains of information-stealing malware being disseminated through compromised YouTube channels, particularly those appealing to a young demographic with links related to popular children’s games. These malware campaigns use similar technical methods to disable antivirus software and bypass security protections, with a focus on targeting YouTube consumers rather than enterprise users. As a result, YouTube has taken action to remove all reported content associated with malicious activity to protect users from falling victim to these scams.