New YTStealer Malware Steals Accounts From YouTube Creators


YouTube video producers are the target of a new data-stealing spyware called YTStealer, which aims to steal their authentication keys and take over their channels.

YTStealer’s narrow emphasis is unusual in a market where numerous info-stealers vie for cybercriminals’ attention.

Intezer’s research, released today, claims that by concentrating on just one objective, the creators of YTStealer were able to develop very successful token-stealing techniques.

Concentrating on YouTube content producers

Because it targets YouTube creators, most of the YTStealer malware’s spread relies on lures imitating software that alters videos or serves as content for new channels.

OBS Studio, Adobe Premiere Pro, FL Studio, Ableton Live, Antares Auto-Tune Pro, and Filmora are a few examples of imitated programmes that contain harmful YTStealer installations.

In other instances, YTStealer impersonates Grand Theft Auto V mods, Call of Duty and Counter-Strike Go cheats, the Valorant game, or Roblox hacks in order to target game developers.

The researchers also discovered new viruses in cracks and token generators for Spotify Premium and Discord Nitro.

Intezer claims that YTStealer is frequently combined with other information stealers, including the infamous RedLine and Vidar. It is typically viewed as a specialised “extra” distributed alongside malware that targets password stealing from a wider range of software.

YTStealer capabilities

Prior to running on the host, the YTStealer virus performs various anti-sandbox checks utilising the free Chacal utility.

The malware carefully examines the browser SQL database files to look for YouTube authentication tokens if it determines that the infected machine is a legitimate target.

Then, after adding the stolen cookies to its store, it launches the web browser in headless mode to validate them. If a token is legitimate, YTStealer also gathers extra data such as:

  • YouTube channel name
  • Subscriber count
  • Creation date
  • Monetization status
  • Official artist channel status

Starting the web browser in headless mode makes the entire operation stealthy: the target wouldn’t notice anything odd unless they closely examined their running processes.

YTStealer uses the Rod library, a tool used for web automation and scraping, to control the browser. As a result, the threat actor doesn’t manually intervene in the information exfiltration from the YouTube channel.
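The headless browser launch described above shows up in process-creation telemetry, which gives defenders something to hunt for. The following detection check is an added example, not code from Intezer or from the original article; the field names follow Sysmon-style process-creation records, and the sample events, the parent allowlist and the directory list are constructed assumptions to tune per environment.

```python
import json
import ntpath

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
# Assumption: parents this environment expects to drive headless browsers.
EXPECTED_PARENTS = {"chromedriver.exe", "msedgedriver.exe"}
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")

# Constructed process-creation events (Sysmon Event ID 1 field names), not real telemetry.
SAMPLE_EVENTS = r"""
{"Image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","CommandLine":"chrome.exe https://www.youtube.com/","ParentImage":"C:\\Windows\\explorer.exe"}
{"Image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","CommandLine":"chrome.exe --headless --remote-debugging-port=0","ParentImage":"C:\\Users\\creator\\Downloads\\editor_setup.exe"}
{"Image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","CommandLine":"chrome.exe --type=renderer","ParentImage":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}
{"Image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","CommandLine":"chrome.exe --headless=new --remote-debugging-port=0","ParentImage":"C:\\tools\\chromedriver.exe"}
{"Image":"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe","CommandLine":"msedge.exe --headless","ParentImage":"C:\\Users\\creator\\AppData\\Local\\Temp\\updater.exe"}
"""

def find_suspicious(events_text):
    """Flag headless browser launches whose parent is neither a browser nor approved automation."""
    findings = []
    for line in events_text.strip().splitlines():
        ev = json.loads(line)
        image = ntpath.basename(ev["Image"]).lower()
        parent = ntpath.basename(ev["ParentImage"]).lower()
        switches = ev["CommandLine"].lower().split()
        headless = any(s == "--headless" or s.startswith("--headless=") for s in switches)
        if image not in BROWSERS or not headless:
            continue
        if parent in BROWSERS or parent in EXPECTED_PARENTS:
            continue  # the browser's own child processes, or approved automation
        reasons = ["headless browser started by " + parent]
        if any(s.startswith("--remote-debugging-port") for s in switches):
            reasons.append("remote debugging enabled")
        if any(d in ev["ParentImage"].lower() for d in USER_WRITABLE):
            reasons.append("parent runs from a user-writable directory")
        findings.append({"parent": parent, "browser": image, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_EVENTS):
        print(f["browser"], "<-", f["parent"], "|", "; ".join(f["reasons"]))
```
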

Selling accounts on the dark web

Fully automated, YTStealer steals all YouTube accounts, regardless of how big or tiny they are, and then lets its operators analyse their haul.

According to Intezer, charges for the stolen YouTube accounts vary based on the number of channels they have. It goes without saying that the bigger and more popular a YouTube channel is, the more it will cost to buy on dark web markets.

The buyers of those accounts commonly utilise the stolen authentication cookies to either demand a ransom from the legitimate owners of YouTube channels or hijack the channels for various cryptocurrency scams.

This poses a significant risk to YouTube content producers since, even if their accounts are protected by MFA, the authentication tokens will still allow threat actors to access their accounts.

It is advised that YouTube producers log out of their accounts periodically to invalidate any previously created or stolen authentication tokens.
