216.73.217.176

Fake YouTube copyright notices can steal your Google login

· Published 15/04/2026 19:15 · Modified 15/04/2026 17:28

Export JSON

Essential information

Published
15/04/2026 19:15
Modified
15/04/2026 17:28
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
browser-in-the-browser credential theft cryptocurrency scams google account takeover phishing campaign
Tags
2026-04-15 browser-in-the-browser credential-theft cryptocurrency scams google account takeover phishing campaign
Related entities
5 indicators, 5 observables, 7 others

Description

A sophisticated is targeting YouTube creators using convincing fake copyright strike notifications. The attack dynamically pulls real channel data including profile pictures, subscriber counts, and recent videos to create personalized scare pages. Victims are funneled through a attack displaying a fake Google sign-in that captures credentials. The operation functions as phishing-as-a-service, with multiple attackers sharing infrastructure and rotating domains to evade detection. Successful attacks result in complete , allowing hijackers to rebrand channels and livestream to existing audiences. The kit automatically exempts channels with over three million subscribers to avoid detection by security teams.

External references