Security researchers at Bitdefender have identified a growing series of streamjacking attacks targeting the YouTube platform. By cloning the official accounts of public figures such as Elon Musk, the attackers aim to deceive as many followers as possible.

Photo: MA Soliman, Dreamstime.com

This type of attack involves either redirecting the followers of a popular channel to a criminal-run channel that closely mimics the real one, or the cybercriminal taking full control of the real account.

The purpose of YouTube streamjacking attacks is usually financial: to lure the subscribers of famous channels or personalities into fraudulent cryptocurrency campaigns. A typical message asks viewers to send a small amount of bitcoin with the promise of a doubled payout in return.

How these attacks work

Account Hijacking – Cybercriminals send a fake message to the owner of a popular YouTube account, offering a collaboration or posing as a copyright infringement notice. The channel owner is prompted to download a file from the email, which is actually malware. Once the file is opened, the malware steals data from the owner's computer to give the attacker access to the credentials for that YouTube account; it can even bypass additional security measures such as 2FA. Once the attacker gains access, the legitimate owner is locked out.

Cloning Official Accounts – Cybercriminals create live-stream pop-ups that appear in subscribers' feeds and usually promote the same content as the real channel. These pop-ups contain deepfakes in which the attackers advertise cryptocurrency scams, pointing viewers to a fraudulent website through hidden links or QR codes.

Given the number of live stream popups seen, the operation is most likely automated.

The main conclusions:

  • The information was collected from July to September 2023.
  • The maximum number of followers of the stolen account is almost ten million.
  • The maximum number of views of a stolen account is 3,643,275,137.
  • Most stolen accounts use a variant of the Tesla logo or even the official logo, such as Tesla US, Tesla Live, Tesla (US), Tesla News. Many of these names look identical, but in reality the letter `l` has been replaced by a capital `i` (`I`).
  • The number of individual channels that were hacked is 1,190.
  • The number of live streams found is 1,370 and counting.
  • Like most online scams, the main goal is to steal money, credentials, and personal information.
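The lookalike naming described above (a capital `I` standing in for a lowercase `l` in names such as Tesla US or Tesla Live) can be caught with a simple homoglyph check. The following is an added example for defenders, not code from Bitdefender or the report; the confusables map and the sample channel names are constructed here, and the map covers only a few swaps beyond the `I`/`l` one the report mentions.

```python
import re
from typing import List, Optional, Tuple

# Constructed map of look-alike characters to the character they imitate.
# Only the "I" -> "l" swap comes from the report; the rest are assumptions.
CONFUSABLES = {
    "I": "l",       # capital i passed off as lowercase L
    "1": "l",
    "|": "l",
    "0": "o",
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
}


def skeleton(name: str) -> str:
    """Reduce a channel name to a comparable form: map confusables to the
    character they imitate, then lowercase and drop non-alphanumerics.
    Mapping happens before lowercasing so a capital "I" is still caught."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in name)
    return re.sub(r"[^a-z0-9]", "", mapped.lower())


def lookalike_of(name: str, brands: List[str]) -> Optional[str]:
    """Return the brand a channel name imitates via homoglyphs, or None.
    A name is flagged when its skeleton starts with the brand's skeleton
    but the raw text does not spell the brand with the genuine characters."""
    for brand in brands:
        spelled_plainly = brand.lower() in name.lower()
        if skeleton(name).startswith(skeleton(brand)) and not spelled_plainly:
            return brand
    return None


def scan(names: List[str], brands: List[str]) -> List[Tuple[str, str]]:
    """Run the check over a batch of channel names; returns (name, brand)."""
    hits = []
    for name in names:
        brand = lookalike_of(name, brands)
        if brand:
            hits.append((name, brand))
    return hits


# Constructed sample names: two homoglyph impostors, two benign names.
SAMPLE_NAMES = ["TesIa Live", "Tes1a News", "Tesla Live", "Cooking with Sam"]

if __name__ == "__main__":
    for name, brand in scan(SAMPLE_NAMES, ["Tesla"]):
        print(f"{name!r} imitates {brand} (skeleton {skeleton(name)!r})")
```

A genuine "Tesla Live" spelled with real letters is deliberately not flagged here; that is an impersonation question, not a homoglyph one, and needs verification against the channel's real identity.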

Recommendations for owners of YouTube channels:

  • Set up your account with a unique and strong password and never reuse passwords. You can choose a dedicated password management service to provide you with secure passwords.
  • Enable additional layers of security, such as two- or more-factor authentication.
  • Be careful when interacting with links in the comments section of videos you post.
  • Install security solutions to protect against phishing and malicious attacks.

Recommendations for subscribers of the YouTube channel:

  • Watch out for videos with headlines that encourage you to invest in cryptocurrencies or promise big profits.
  • Do not click on links that contain offers that are too good to be true.
  • Never scan QR codes you see in videos advertising free cryptocurrency gifts.
  • Use a security solution that detects and blocks phishing attempts before they affect your banking and personal information.
