Hackers Stealing Popular YouTube Videos

YTStealer Virus Steals Authentication Keys

For the majority of people, making YouTube videos is not just a hobby. To produce high-quality tutorials and entertaining videos, the most individuals spent thousands of dollars to produce the highest quality content for their viewers.

It is public knowledge that the highest paid YouTubers have made millions of dollars per month. Meanwhile, others that make just a few thousand dollars monthly still earn a decent amount from the video sharing platform. YouTube, since its creation has been a success story. Thus, overtime, lucrative YouTube content makers have become the main target of some malicious hackers from the dark web.

Reportedly, the criminal hackers have unleashed a new data-grabbing virus that steals channels from YouTube creators. Analytical reports from cyber researchers claim that the YTStealer hacking tool has been configured to steal YouTube video authentication keys. With this tool in their hands, the hackers were able to seize control of some of the most lucrative video channels from their owners.

Cyber researchers claim that YTStealer’s limited focus is just to hijack and steal YouTube videos, which is quite insignificant in comparison to the other info-stealers scamming campaigns, in which cyber criminals frequently target several victims in their data stealing operations.

YouTube Content Hacking

The researchers at Intezer have been following the developers of YTStealer and have revealed that by focusing solely on that goal, the threat actors effectively streamline their targeted token-stealing methods, which allows them to achieve maximum success.

Analysts also disclosed how the attackers modified popular video content software such as Antares Auto-Tune Pro, Fl Studio, OBS Studio, Ableton Live, and Premiere Pro, to launch their data stealing campaigns. These are the video editing programs hijacked to give YSTealer the power to modify videos. With the YTStealer, the hacking group inserted maliciously coded malware, and has, so far, taken over the fresh video contents uploaded by some well-known YouTube creators.

YTStealer Hacked Video Games

The malicious YTStealer installs have imitated other programs that are also directed against game producers. Some reported video games that have been hacked by malicious malware include Grand Theft Auto V mods, Roblox, the Valorant game, Call of Duty and Counter-Strike Go hacks.

Other hijacks done by the YTStealer hackers were traced to phony token generators for Spotify Premium and Discord Nitro. Also noted by the cyber security specialists Intezer, the notorious RedLine and Vidar threat actors have teamed up with the YTStealer gang.

Cyber researchers at Intezer claim that depending on the popularity of the channels, stolen YouTube accounts can sell on dark web markets for substantial amounts. Undoubtedly, widely famous YouTube channels will rake in top dollars for criminal hackers.

Stealth Operation by YTStealer

According to the analytical research, the YTStealer spyware makes use of the Rod Library, a program that may take automatic control of a web browser, enabling the virus to hijack content from YouTube channels such as the identity of channel subscribers, and even the sum of money given by Google to the YouTube video makers.

The scraped data, thanks to its stealthy data collection skills, allows YTStealer to take over YouTube accounts of any size, and this is thanks to its completely automated features. Once criminal hackers have access to the stolen data, they are quickly advertised and sold on dark web marketplaces. Particularly since the sale of these stolen YouTube accounts is so widespread on the deep web.

Although it is relatively typical for these stolen YouTube videos to be sold on dark web markets, the hackers who purchase these accounts frequently demand a ransom from the rightful owners or use the channels as fronts for different cryptocurrency frauds.

Therefore, YouTube content providers are advised to periodically log out of their accounts to invalidate authentication tokens garnered by the YTStealer virus. Preventing threat actors from stealing their accounts is still an arduous task, even with MFA authentication. For now, the YTStealer virus poses a serious threat to YouTube content creators.