Hijacked: How Hacked YouTube Channels Spread Scams and Malware

As one of today’s most popular social media platforms, YouTube is often targeted by cybercriminals who exploit it to spread scams and distribute malware. These attacks frequently involve videos posing as tutorials for popular software or ads for crypto giveaways. Fraudsters also embed links to malicious websites in video descriptions or comments, disguising them as genuine resources related to the video’s content.

The Escalating Threat of YouTube Channel Thefts

The theft of popular YouTube channels significantly amplifies the impact of these fraudulent campaigns, reaching millions of unsuspecting users. Cybercriminals repurpose these channels to spread crypto scams, info-stealing malware, and links to pirated, malware-laden software, movies, and game cheats. For YouTubers, having their accounts stolen can lead to distressing consequences, including loss of income and reputational damage.

Methods of YouTube Channel Hijacking

  1. Phishing Attacks: Attackers create fake websites and send emails that appear to be from YouTube or Google, tricking targets into revealing their login credentials. Often, they lure victims with fake sponsorship or collaboration deals, including attachments or links to malicious files.
  2. Session Cookie Theft: Attackers can hijack accounts by stealing session cookies from victims' browsers. Because a valid cookie represents a session that has already passed the password and 2FA checks, the attacker can skip those checks entirely. This method was notably used in the breach of Linus Tech Tips, which had 15 million subscribers at the time.
  3. Credential Stuffing and Brute Force Attacks: Credential stuffing leverages lists of usernames and passwords from past data breaches, exploiting the common practice of password reuse. Brute-force tools instead try numerous password combinations until the correct one is found, which succeeds quickly when weak or common passwords are used.
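As an added illustration (not part of the original article, and not code from YouTube, Google or any named vendor), the following Python sketch shows how a service operator could detect the last two methods from the defender's side: a credential-stuffing burst (one source address trying many distinct accounts in a short window, mostly failing) and a stolen session cookie (a cookie issued at login later presented from a different network and client). The `Event` fields, the thresholds, the session identifiers and the sample records are all constructed assumptions; the IP addresses are from the RFC 5737 documentation ranges.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int          # seconds since epoch (constructed values)
    ip: str
    user_agent: str
    action: str      # "login_ok", "login_fail" or "request"
    user: str        # username attempted on login events, "" for requests
    session: str     # session cookie id on login_ok/request, "" otherwise


# Constructed sample stream; addresses are RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    # A burst of failed logins against many accounts from one source.
    Event(1000, "203.0.113.9", "python-requests/2.31", "login_fail", "alice", ""),
    Event(1003, "203.0.113.9", "python-requests/2.31", "login_fail", "bob", ""),
    Event(1006, "203.0.113.9", "python-requests/2.31", "login_fail", "carol", ""),
    Event(1009, "203.0.113.9", "python-requests/2.31", "login_fail", "dave", ""),
    Event(1012, "203.0.113.9", "python-requests/2.31", "login_fail", "erin", ""),
    Event(1015, "203.0.113.9", "python-requests/2.31", "login_fail", "frank", ""),
    Event(1018, "203.0.113.9", "python-requests/2.31", "login_ok", "grace", "sess-grace-1"),
    # A normal user mistyping once, then succeeding and browsing.
    Event(1100, "198.51.100.4", "Firefox/125", "login_fail", "bob", ""),
    Event(1110, "198.51.100.4", "Firefox/125", "login_ok", "bob", "sess-bob-1"),
    Event(1200, "198.51.100.4", "Firefox/125", "request", "", "sess-bob-1"),
    # The same cookie reappearing from a different network and a different client.
    Event(1300, "192.0.2.77", "curl/8.5", "request", "", "sess-bob-1"),
]


def find_stuffing_sources(events, window=60, min_users=5, min_fail_ratio=0.8):
    """Return {ip: sorted usernames} for sources that tried at least `min_users`
    distinct accounts within `window` seconds with a failure ratio >= `min_fail_ratio`.
    A sliding window over each source's login attempts catches the burst as soon
    as it crosses the thresholds."""
    by_ip = defaultdict(list)
    for e in events:
        if e.action in ("login_ok", "login_fail"):
            by_ip[e.ip].append(e)
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(attempts)):
            while attempts[end].ts - attempts[start].ts > window:
                start += 1
            chunk = attempts[start:end + 1]
            users = {e.user for e in chunk}
            fails = sum(e.action == "login_fail" for e in chunk)
            if len(users) >= min_users and fails / len(chunk) >= min_fail_ratio:
                flagged[ip] = sorted(users)
                break
    return flagged


def find_session_anomalies(events):
    """Return (session, user, login_ip, request_ip) for every request that presents
    a cookie from a different IP *and* a different user agent than the login that
    issued it. Requiring both to differ avoids flagging a phone that merely
    changed networks while keeping the same browser."""
    origin = {}
    anomalies = []
    for e in sorted(events, key=lambda e: e.ts):
        if e.action == "login_ok":
            origin[e.session] = (e.ip, e.user_agent, e.user)
        elif e.action == "request" and e.session in origin:
            login_ip, login_ua, user = origin[e.session]
            if e.ip != login_ip and e.user_agent != login_ua:
                anomalies.append((e.session, user, login_ip, e.ip))
    return anomalies


if __name__ == "__main__":
    print("stuffing sources:", find_stuffing_sources(SAMPLE_EVENTS))
    print("session anomalies:", find_session_anomalies(SAMPLE_EVENTS))
```

On the sample stream the first function reports only `203.0.113.9`, while the legitimate user's single typo from `198.51.100.4` stays below the thresholds; the second function reports `sess-bob-1` once it is replayed from `192.0.2.77`, which is the moment a defender would want to invalidate that session and force a fresh login with 2FA.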

Recent Incidents and Case Studies

Recently, the AhnLab Security Intelligence Center (ASEC) reported a surge in cases where cybercriminals hijack popular YouTube channels, including one with 800,000 subscribers, to distribute malware like RedLine Stealer, Vidar, and Lumma Stealer. Lumma Stealer, in particular, targets crypto wallets, login credentials, and 2FA browser extensions, posing as cheating software or video game cracks.

In some scenarios, criminals hijack existing Google accounts and quickly post thousands of videos that distribute info-stealing malware. Victims may have their devices compromised, leading to the theft of accounts on other major platforms such as Instagram, Facebook, Twitch, and Steam.

Staying Safe on YouTube

To protect yourself on YouTube, follow these best practices:

  1. Use Strong and Unique Login Credentials: Create strong passwords or passphrases and avoid reusing them across multiple sites. Consider using passkeys as another form of authentication offered by Google.
  2. Implement Strong 2FA: Use two-factor authentication not only on your Google account but on all your accounts. Prefer authentication apps or hardware security keys over SMS-based methods.
  3. Be Cautious with Emails and Links: Be skeptical of emails claiming to be from YouTube or Google, especially those asking for personal information or account credentials. Avoid clicking on suspicious links or downloading attachments from unknown sources.
  4. Keep Software Updated: Ensure your operating system, browser, and other software are up to date to protect against known vulnerabilities.
  5. Monitor Account Activity: Regularly check your account activity for any suspicious actions or login attempts. If you suspect your channel has been compromised, follow Google’s guidance for recovering hacked accounts.
  6. Educate Yourself: Stay informed about the latest cyber threats and scams targeting YouTube users. Knowledge of potential threats can help you avoid falling victim.
  7. Report and Block Suspicious Content: Report any suspicious or harmful content, comments, links, or users to YouTube. Blocking such users can prevent further contact.
  8. Secure Your Devices: Use multi-layered security software across your devices to protect against a variety of threats.

By following these practices, YouTube users can better protect themselves against the growing threat of scams and malware on the platform.