ACCORDING to Malwarebytes, a convincing phishing campaign is targeting YouTube creators with fake copyright strike notices that can do more than steal a Google login—they could allow attackers to take over the entire Google account, including Gmail, Drive and payments, and then hijack a YouTube channel.
The scam uses a personalised page that mirrors YouTube branding and pulls real channel data such as profile pictures, subscriber counts, and latest videos to push users towards a Google sign-in page that surveils every keystroke. The operation runs like a franchise, with multiple attackers sharing a common platform and running campaigns against different creators, and the phishing flow even checks whether a target has more than three million subscribers to avoid suspicion.
The sign-in flow is hosted on a dynamic, rotating set of domains beginning with dmca-notification[.]info, with additional infrastructure such as blacklivesmattergood4[.]com and several other nets, and a Browser-in-the-Browser style fake Google window designed to fool victims. The campaign is phishers-as-a-service, featuring an affiliate system and the ability to swap domains in real time to stay ahead of takedowns.