December 2, 2023

Cybercriminals are taking over high-profile YouTube accounts to advertise crypto scams, researchers have found.

Suspicious live streams on YouTube, often featuring Elon Musk and his electric car company Tesla, rebroadcast legitimate content while including malicious QR codes or links in the video or comments section, directing users to cryptocurrency scam websites.

Cybersecurity firm Bitdefender, which investigated the campaign, called the technique “stream-jacking.”

According to the researchers, the scammers used phishing kits to automate the attacks. The identity of the person behind the kit remains unknown.

Many of the YouTube channels broadcasting these scams had been hijacked or stolen, with their original videos either made private or deleted. The channel descriptions had been edited to resemble the official Tesla channel.


A screenshot of a scam video discovered by researchers. Credit: Bitdefender

To take control of these channels, hackers sent phishing emails to their owners, which likely offered opportunities for collaborations, sponsorships, or fake copyright notices from YouTube.

A malicious file in the email installed Redline Infostealer malware, which collected vital information from victims’ computers, including session tokens and cookies, even when two-factor authentication was activated.

In most of the analyzed cases, YouTube deleted the channels when it identified suspicious activity. This means that the genuine channel owner could lose all their videos, playlists, views, subscribers, and monetization. Just a few of these channels had tens of millions of subscribers and billions of total views.

The comment sections of all the suspicious live streams were either turned off or restricted to subscribers of 10 or 15 years, making it difficult for users who know about the scam to warn others, according to Bitdefender.

Malicious links spread by compromised YouTube channels promoted a typical scam: the fraudsters usually ask people to send any amount of cryptocurrency with the promise of doubling the amount sent.

The researchers also found videos with deepfakes of Elon Musk, advocating for the importance of cryptocurrencies. These deepfakes were so well-made that they could appear genuine to the average viewer, according to the report.

Researchers also found a Telegram channel in Russian that appears to be promoting the phishing kit. As of July, it only had 11 subscribers.

In all, Bitdefender found 1,300 videos promoting crypto scams on malicious websites that probably came from the same phishing kit.

All the promoted scam websites were protected by Cloudflare, making it harder to analyze them automatically.

“YouTube channels with a large subscriber count are highly desirable to cybercriminals who can monetize them by either demanding ransom from the legitimate owner or distributing scams and malware to the accounts’ viewers,” Bitdefender said.


Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.