New YTStealer Malware Steals Accounts From YouTube Creators


YouTube video producers are the target of a new data-stealing spyware called YTStealer, which aims to steal their authentication keys and take over their channels.

YTStealer is unusual for its narrow emphasis in a market where numerous info-stealers vie for cybercriminals’ attention.

Intezer’s research, released today, claims that by concentrating on just one objective, the creators of YTStealer were able to develop very successful token-stealing techniques.

Concentrating on YouTube content producers

Because it targets YouTube creators, the majority of YTStealer’s spread relies on lures imitating software that alters videos or serves as content for new channels.

OBS Studio, Adobe Premiere Pro, FL Studio, Ableton Live, Antares Auto-Tune Pro, and Filmora are a few examples of programmes imitated by harmful YTStealer installers.

In other instances, YTStealer impersonates Grand Theft Auto V mods, Call of Duty and Counter-Strike Go cheats, the Valorant game, or Roblox hacks in order to target game developers.

The researchers also discovered new viruses in cracks and token generators for Spotify Premium and Discord Nitro.

Intezer claims that YTStealer is frequently combined with other information stealers, including the infamous RedLine and Vidar. Since that malware targets password stealing from a wider range of software, YTStealer is typically viewed as a specialised “extra” distributed alongside it.

YTStealer capabilities

Prior to running on the host, the YTStealer virus performs various anti-sandbox checks utilising the free Chacal utility.

The malware carefully examines the browser SQL database files to look for YouTube authentication tokens if it determines that the infected machine is a legitimate target.

Then, after adding the stolen cookies to its store, it launches the web browser in headless mode to validate them. If they are legitimate, YTStealer also gathers extra data like:

  • YouTube channel name
  • Subscriber count
  • Creation date
  • Monetization status
  • Official artist channel status

Starting the web browser in headless mode makes the entire operation stealthy: the target wouldn’t notice anything odd unless they closely examined their running processes.

YTStealer uses the Rod library, a tool used for web automation and scraping, to control the browser. As a result, the threat actor doesn’t manually intervene in the information exfiltration from the YouTube channel.
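A defender can look for the headless browser launch described above in process-creation telemetry. The sketch below is an added example, not code from Intezer or from the original article; the event field names, the browser list, the parent allowlist and the sample events are constructed assumptions.

```python
import ntpath

# Browser executables to watch (assumed list; extend for your fleet).
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe"}
# Parents expected to start headless browsers (hypothetical allowlist, e.g. a CI agent).
ALLOWED_PARENTS = {"ci-agent.exe"}

def is_headless(command_line):
    """True if a Chromium --headless switch (optionally --headless=<mode>) is an argument."""
    for arg in command_line.split():
        # Compare whole arguments so "--headless" inside a URL does not match.
        if arg.strip('"').lower().split("=", 1)[0] == "--headless":
            return True
    return False

def find_headless_browser_launches(events):
    """Return events where a browser was started headless by an unexpected parent."""
    hits = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        parent = ntpath.basename(ev["parent_image"]).lower()
        if image in BROWSERS and is_headless(ev["command_line"]) and parent not in ALLOWED_PARENTS:
            hits.append(ev)
    return hits

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed process-creation events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"pid": 101, "image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{CHROME}"'},
    {"pid": 102, "image": CHROME, "parent_image": r"C:\Users\alice\Downloads\setup.exe",
     "command_line": f'"{CHROME}" --headless --remote-debugging-port=0'},
    {"pid": 103, "image": CHROME, "parent_image": r"C:\build\ci-agent.exe",
     "command_line": f'"{CHROME}" --headless=new --dump-dom https://example.com/'},
    {"pid": 104, "image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{CHROME}" https://example.com/?q=--headless'},
    {"pid": 105, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "parent_image": r"C:\Users\alice\AppData\Local\Temp\helper.exe",
     "command_line": "msedge.exe --HEADLESS=new --disable-gpu"},
]

if __name__ == "__main__":
    for ev in find_headless_browser_launches(SAMPLE_EVENTS):
        print(ev["pid"], ev["parent_image"], "->", ev["command_line"])
```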

Selling accounts on the dark web

Fully automated, YTStealer steals all YouTube accounts, regardless of how big or tiny they are, and then lets its operators analyse their haul.

According to Intezer, charges for the stolen YouTube accounts vary based on the number of channels they have. It goes without saying that a YouTube channel will cost more to buy on dark web markets the bigger and more popular it is.

The buyers of those accounts commonly utilise the stolen authentication cookies to either demand a ransom from the legitimate owners of YouTube channels or hijack the channels for various cryptocurrency scams.

This poses a significant risk to YouTube content producers since, even if their accounts are protected by MFA, the authentication tokens will still allow threat actors to access their accounts.

It is advised that YouTube producers log out of their accounts periodically to invalidate any previously created or stolen authentication tokens.
