Around 15,000 actor accounts were identified, most of which were created for this campaign specifically.
The attackers registered various domains associated with forged companies and built multiple websites for malware delivery.
The company has identified at least 1,011 domains created solely for this purpose so far.
During the pandemic, it also uncovered attackers posing as news providers with a Covid19 news software.
Most of the observed malware was capable of stealing both user passwords and cookies.
Some of the samples employed several anti-sandboxing techniques including enlarged files, encrypted archive and download IP cloaking.
A few were observed displaying a fake oops message requiring user click-through to continue execution.
A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming.
The attacker live-streamed videos promising cryptocurrency giveaways in exchange for an initial contribution.
Moreover, to protect its users, Google has also shared the findings to the FBI for further investigation.
source: www.techworm.net
