
YTStealer Hijacks and Steals YouTube Videos
Hackers' Spyware Targets Video Creators
Creating YouTube videos is not just a pastime for most people; it is a job. Most individuals have invested thousands of dollars in their operations to create quality videos for their subscribers. Over recent decades, some YouTubers have made millions of dollars each month, while others make a few thousand dollars. Now, with the success of YouTube content creators come the criminal hackers.
YouTube producers have become the main targets of new data-stealing spyware that is ripping off channels. The YTStealer hacking tool, according to security analysts, has been programmed to steal YouTube video authentication keys, allowing the hackers to take over some of the most profitable video channels from their owners.
Strangely, although YTStealer aims to steal authentication keys and take over YouTube channels, the criminal hackers behind this spyware pursue only this limited target. According to cyber analysts, YTStealer's narrow emphasis pales in comparison to the other info-stealers that cyber criminals often use in their scamming campaigns.
Hacking YouTube Content
Intezer's research team has been tracking YTStealer's creators and has revealed that, by concentrating on a single objective, the dark web hackers were able to develop targeted token-stealing techniques successfully.
In addition, the analysts revealed how the malware relies on imitating popular video content software, thus giving it the capability of altering videos. So far, YTStealer has hijacked the content for new videos published by popular YouTube creators. The dark web hackers created their campaign by injecting malware into premium video creator software such as FL Studio, OBS Studio, Ableton Live, Adobe Premiere Pro, and Antares Auto-Tune Pro.
YTStealer Hacks Popular Video Games
The malicious YTStealer installs have mimicked other software targeting game developers as well. Hacked video games include Call of Duty and Counter-Strike Go cheats, Grand Theft Auto V mods, the Valorant game, and Roblox.
The cyber security researchers also documented new viruses and fake token generators for Spotify Premium and Discord Nitro. Intezer reported that the YTStealer hackers have also joined forces with other hacking groups like the infamous RedLine and Vidar dark web hackers.
According to Intezer cyber analysts, stolen YouTube accounts can fetch very high prices based on the popularity of the channels. Obviously, a very popular YouTube channel will cost more for advertisement purposes.
YTStealer Stealth Operation
Analytical studies show that the YTStealer spyware utilizes the Rod library, a tool that can automatically control a web browser, while the malware exfiltrates the content from the YouTube channels. Gathered stealthily, the scraped data includes the names of the targeted YouTube channel subscribers, the video creation date, and even the amount of money paid by Google to the YouTube video creator.
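One way to hunt for the browser automation described above, as an added example that is not from Intezer's analysis or the original article. It assumes process-creation events with `image`, `parent` and `cmdline` fields (constructed below) and that the automated browser is started headless with a DevTools remote-debugging port, the usual way automation libraries attach to a browser; the allowlists and the `fake_installer.exe` name are hypothetical.

```python
# Added detection sketch; event fields and allowlists are assumptions.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe"}
# Parents expected to start a browser on a creator's workstation (assumed).
TRUSTED_PARENTS = BROWSERS | {"explorer.exe"}
# Flags that mark a browser started for DevTools-driven automation.
AUTOMATION_FLAGS = ("--headless", "--remote-debugging-port")

# Constructed process-creation events (illustrative, not from a real incident).
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "chrome.exe"},
    {"id": 2, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Users\creator\Downloads\fake_installer.exe",
     "cmdline": r"chrome.exe --headless --remote-debugging-port=0 --user-data-dir=C:\Temp\p"},
    {"id": 3, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": "chrome.exe --type=renderer"},
    {"id": 4, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "msedge.exe --headless --print-to-pdf=report.pdf https://example.com"},
]

def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def automation_flags(cmdline):
    """Return the automation flags present in a command line."""
    tokens = [t.lower() for t in cmdline.split()]
    return [f for f in AUTOMATION_FLAGS if any(t.startswith(f) for t in tokens)]

def is_suspicious(event):
    """Browser started headless with a debug port by a non-allowlisted parent."""
    if basename(event["image"]) not in BROWSERS:
        return False
    if basename(event["parent"]) in TRUSTED_PARENTS:
        return False
    return len(automation_flags(event["cmdline"])) == len(AUTOMATION_FLAGS)

def find_suspicious(events):
    """IDs of events worth an analyst's review."""
    return [e["id"] for e in events if is_suspicious(e)]

if __name__ == "__main__":
    for event_id in find_suspicious(SAMPLE_EVENTS):
        print("review process-creation event", event_id)
```

Legitimate test runners and scraping tools start browsers the same way, so the parent allowlist needs tuning per environment before this is used for alerting.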
With its fully automated qualities, YTStealer steals trending YouTube accounts, regardless of their sizes. Once the stolen info is in the hands of the criminal hackers, they can analyze their haul, especially as the selling of these stolen YouTube accounts is quite popular on the dark web.
However, while selling these stolen YouTube videos on dark web markets is quite common, the hackers who buy these accounts often demand a ransom from the legitimate owners or hijack the channels for various cryptocurrency scams.
The YTStealer spyware poses a significant threat to YouTube content producers even when MFA is enabled, because a stolen authentication token represents a session that has already passed the login checks. Therefore, to prevent threat actors from stealing their accounts, YouTube content creators must periodically log out of their accounts to invalidate authentication tokens that may have been stolen by the YTStealer malware.