Major streaming platforms have recently faced a growing threat of stream-jacking attacks. Cybercriminals aim to compromise high-profile accounts, especially those with large follower counts, so that their deceptive messages reach a large audience.
Bitdefender Labs researchers have been actively monitoring stream-jacking attacks that targeted high-profile YouTube accounts in October of 2023 to conduct various crypto-doubling scams.
A new report published by Bitdefender reveals a sudden rise in stream-jacking attacks targeting high-profile and popular streaming services such as YouTube, in which malicious links or lures are distributed to users.
While most of these attacks result in a complete account takeover, there are some instances where the attackers may still manage the account. On average, YouTube creators make about 55% of their revenue from their channels. For every $100 that an advertiser pays to Google, they are paid $55.
Accordingly, YouTube creators earn an average of $0.18 per view, which equates to $18 per 1,000 views. This means that the top ten YouTubers averaged $300,000,000 in revenue for the year 2021, representing an increase of 40% from this year.
As creators are being paid so much, they're making more videos. As with all success and high payouts, it's not uncommon for them to attract unwanted attention. In addition to its security features and privacy policies, YouTube is quite different in its approach to dealing with scams.
It is not uncommon for scammers to target victims with fake products on YouTube, just as they do on social media. Followers are lured to mimicked channels that promise rewards, and are then scammed. According to the researchers, cybercriminals carrying out stream-jacking attacks on YouTube use accounts with a large number of followers to spread fraudulent messages to users.
The researchers found that it is not uncommon for cybercriminals to target YouTube users with suspicious popups that promote the same content, but with malicious intent, in their end-users’ feeds. This campaign is primarily aimed at YouTube channels with large followings since cybercriminals can easily monetize them by requesting ransom from the channel owner or distributing malware to their subscribers and viewers.
Many of these channels are used by top-rated brands, including Tesla, that have millions of followers and millions of views on their videos.
Most often, the content that the attackers publish is related to Tesla or other Elon Musk ventures (usually by way of deepfakes) and includes QR codes that lead to phishing sites or fraudulent websites.
The criminals use a variety of tricks, such as restricting comments to those who have been subscribers to the channel for more than ten or fifteen years (thereby reducing the risk that people who are aware of the scam will alert other viewers), and ensuring that their websites are protected with Cloudflare (thereby making automated analysis difficult).
In addition, if YouTube detects that the channel is operating maliciously, the channel will be permanently deleted, which means that all videos, playlists, views, subscribers, monetisation, and so on, will no longer be available, even though this can be avoided if the channel owner contacts YouTube.
There have been several scams taking advantage of the recent news coverage of the Bitcoin ETF.
MicroStrategy and its former CEO, Michael Saylor, have been the subject of fraudulent broadcasts since late December 2023, exploiting title references to the Bitcoin ETF's potential success to build a reputation among viewers.
These broadcasts often feature looped deepfakes of Michael Saylor encouraging people to participate in fake giveaways. To enhance their credibility, the compromised channels use official MicroStrategy emblems, banners, and playlists and, in some cases, even link to the official channels.
These thumbnails are the same across all instances of these videos, regardless of where they are accessed. The channel's name has undergone many alterations post-takeover, to names such as MicroStrategy US, MicroStrategy Live, Micro Strategy and many others, usually with subtle alterations such as parentheses or trailing spaces.
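The name alterations described above (added suffixes, inserted spaces, parentheses, trailing spaces) can be collapsed by normalization before comparing a channel name with a protected brand. The following is an added example, not code from Bitdefender's report; the channel ID is a placeholder and the suffix list is an assumption built from the variants the article names.

```python
import re
import unicodedata

# Assumption: brand key mapped to the official channel ID (placeholder value).
PROTECTED = {"microstrategy": "UC_OFFICIAL_PLACEHOLDER"}
# Assumption: suffix words seen on renamed channels; "us" and "live" come from the article.
SUFFIX_WORDS = {"us", "live", "official"}


def brand_key(name):
    """Reduce a channel display name to a comparison key.

    NFKC folds full-width and other compatibility characters, casefold
    removes case differences, and the token split discards parentheses,
    punctuation and leading or trailing whitespace.
    """
    text = unicodedata.normalize("NFKC", name).casefold()
    tokens = re.findall(r"[^\W_]+", text)
    # Drop trailing marketing suffixes such as "US" or "Live".
    while tokens and tokens[-1] in SUFFIX_WORDS:
        tokens.pop()
    # Join tokens so "Micro Strategy" and "MicroStrategy" compare equal.
    return "".join(tokens)


def is_lookalike(name, channel_id):
    """True when the name maps to a protected brand but the ID is not the official one."""
    official = PROTECTED.get(brand_key(name))
    return official is not None and channel_id != official


if __name__ == "__main__":
    # Constructed sample input: (display name, channel ID) pairs.
    samples = [
        ("MicroStrategy US", "UC_constructed_1"),
        ("MicroStrategy Live ", "UC_constructed_2"),
        ("Micro Strategy", "UC_constructed_3"),
        ("(MicroStrategy)", "UC_constructed_4"),
        ("MicroStrategy", "UC_OFFICIAL_PLACEHOLDER"),
        ("Macro Strategy Games", "UC_constructed_5"),
    ]
    for name, cid in samples:
        print(repr(name), cid, "LOOKALIKE" if is_lookalike(name, cid) else "ok")
```

A match only indicates that a channel presents itself under the protected name; deciding whether it is a hijacked account still needs review of its rename history and current broadcasts.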