New YTStealer Malware Steals Accounts From YouTube Creators


YouTube video producers are the target of a new data-stealing spyware called YTStealer, which aims to steal their authentication keys and take over their channels.

YTStealer stands out for its narrow focus in a market where numerous info-stealers vie for cybercriminals’ attention.

Intezer’s research, released today, claims that by concentrating on just one objective, the creators of YTStealer were able to develop very successful token-stealing techniques.

Concentrating on YouTube content producers

Because it targets YouTube creators, most of YTStealer’s distribution relies on lures imitating software that alters videos or serves as content for new channels.

OBS Studio, Adobe Premiere Pro, FL Studio, Ableton Live, Antares Auto-Tune Pro, and Filmora are a few examples of the programmes impersonated by malicious YTStealer installers.

In other instances, YTStealer impersonates Grand Theft Auto V mods, Call of Duty and Counter-Strike Go cheats, the Valorant game, or Roblox hacks in order to target game developers.

The researchers also discovered new viruses in cracks and token generators for Spotify Premium and Discord Nitro.

Intezer claims that YTStealer is frequently combined with other information stealers, including the infamous RedLine and Vidar. It is typically viewed as a specialised “extra” distributed alongside malware that targets password stealing from a wider range of software.

YTStealer capabilities

Prior to running on the host, the YTStealer virus performs various anti-sandbox checks utilising the free Chacal utility.

The malware carefully examines the browser SQL database files to look for YouTube authentication tokens if it determines that the infected machine is a legitimate target.

Then, after adding the stolen cookie to its store, it launches the web browser in headless mode to validate the tokens. If a token is valid, YTStealer also gathers extra data such as:

  • YouTube channel name
  • Subscriber count
  • Creation date
  • Monetization status
  • Official artist channel status

Starting the web browser in headless mode makes the entire operation stealthy: the target wouldn’t notice anything odd unless they closely examined their running processes.

YTStealer uses the Rod library, a tool used for web automation and scraping, to control the browser. As a result, the threat actor doesn’t manually intervene in the information exfiltration from the YouTube channel.
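The headless, automation-driven browser launch described above does show up in process-creation telemetry. The following Python check is an added example, not code from Intezer's report or this article: it flags a Chromium-based browser started with the standard `--headless` switch by a parent outside an allowlist, and notes when a remote-debugging switch shows it is being driven by another program. The event field names, browser list, parent allowlist and sample events are all constructed assumptions.

```python
import ntpath
import re

# Assumptions for this example: the browser names and the parent allowlist.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chrome", "chromium"}
EXPECTED_PARENTS = {"chromedriver.exe", "node.exe"}  # sanctioned automation
SWITCH = re.compile(r'--([a-z0-9-]+)(?:=("[^"]*"|\S+))?', re.I)


def switches(command_line):
    """Return {switch: value} for every --switch[=value] on a command line."""
    return {m.group(1).lower(): (m.group(2) or "").strip('"')
            for m in SWITCH.finditer(command_line)}


def review(event):
    """Return the reasons a process-creation event deserves a look, or []."""
    if ntpath.basename(event["image"]).lower() not in BROWSERS:
        return []
    sw = switches(event["command_line"])
    parent = ntpath.basename(event["parent_image"]).lower()
    if "headless" not in sw or parent in EXPECTED_PARENTS:
        return []
    reasons = ["browser started without a visible window (--headless)"]
    if "remote-debugging-port" in sw or "remote-debugging-pipe" in sw:
        reasons.append("browser is controlled by another program")
    reasons.append(f"launched by unexpected parent: {parent}")
    return reasons


# Constructed sample events (not taken from the Intezer report).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EVENTS = [
    {"image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{CHROME}" --profile-directory=Default'},
    {"image": CHROME,
     "parent_image": r"C:\Users\creator\Downloads\video_editor_setup.exe",
     "command_line": f'"{CHROME}" --headless --remote-debugging-port=0 '
                     r'--user-data-dir="C:\Users\creator\AppData\Local\Temp\p"'},
    {"image": CHROME, "parent_image": r"C:\tools\chromedriver.exe",
     "command_line": "chrome.exe --headless=new --remote-debugging-port=9222"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        for reason in review(ev):
            print(ntpath.basename(ev["parent_image"]), "->", reason)
```

Only the second constructed event is reported; the allowlist should be adjusted to whatever browser automation is actually sanctioned on the host.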

Selling accounts on the dark web

Fully automated, YTStealer steals all YouTube accounts, regardless of how big or tiny they are, and then lets its operators analyse their haul.

According to Intezer, prices for the stolen YouTube accounts vary based on the number of channels they have. It goes without saying that a YouTube channel will cost more to buy on dark web markets the bigger and more popular it is.

The buyers of those accounts commonly utilise the stolen authentication cookies to either demand a ransom from the legitimate owners of YouTube channels or hijack the channels for various cryptocurrency scams.

This poses a significant risk to YouTube content producers since, even if their accounts are protected by MFA, the authentication tokens will still allow threat actors to access their accounts.

It is advised that YouTube producers log out of their accounts periodically to invalidate any previously created or stolen authentication tokens.
