A phishing kit purpose-built for YouTube creators fakes a copyright strike that includes your real avatar, subscriber count, and latest video. Click "appeal" and your Google account is gone. Malwarebytes published a breakdown on April 15 of the kit, which embeds your channel handle in the URL, scrapes YouTube's public data to personalize the scare page, and pops a fake Google sign-in overlay when you try to appeal. Once the credentials are stolen, attackers take over the entire Google account — Gmail, Drive, Pay — and use the channel to run crypto scam livestreams. The whole operation runs as phishing-as-a-service with rotating domains. The fix: real YouTube copyright strikes only appear inside YouTube Studio. If it's in your email, it's phishing. Source: https://www.malwarebytes.com/blog/threat-intel/2026/04/fake-youtube-copyright-notices-can-steal-your-google-login More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday.

New VS Code Zero-Day Steals GitHub Tokens in One Click
1.5K views

Microsoft Backs Down on Threats Against Zero-Day Researcher
6.4K views

CIFSwitch Linux Kernel Bug: Any Logged-In User Gets Root
2.3K views

BusPatrol Wants 40,000 School Buses to Be Police Plate Trackers
4.2K views

How the Mirai Trio Avoided Prison (Part 6 of 6)
1.7K views

How the FBI Tracked Down the Mirai Trio (Part 5 of 6)
1.6K views