Google said it found no fewer than 15,000 accounts behind the phishing messages and 1,011 domains that were purpose-built to deliver the fraudulent software responsible for executing cookie-stealing malware designed to extract passwords and authentication cookies from the victim’s machine and upload them to the actor’s command-and-control servers. The hackers would then use the session cookies to take control of a YouTube creator’s account, effectively circumventing two-factor authentication (2FA), as well as take steps to change passwords and the account’s recovery email and phone numbers.
Link: https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html
Matthew Bryan says
It’s concerning that two recent high-profile attacks were able to circumvent 2FA using social engineering tactics. I can see average users abandoning the inconvenience of 2FA should these continue to increase.
Ryan Trapp says
Good example of why it is so important to educate users. No matter what the technical controls are (like 2FA), there will always be a way to circumvent them. The best option is to have them know not to click the links that install the malware in the first place.