OnionPoison: Malicious Tor Browser Installer Distributed through YouTube Video

 

Researchers at Kaspersky have detected a trojanized version of the Windows installer for the Tor Browser that is being distributed through a popular Chinese-language YouTube channel.
 
The campaign, dubbed OnionPoison, reaches users through a Chinese-language YouTube video that purports to explain how to "stay anonymous online."
 
The video description carries a link to the official Tor website together with a second link to a cloud-sharing service hosting a Tor Browser installer that has been modified to include malicious code.
 
The YouTube channel has more than 180,000 subscribers, and the video is the top result for the YouTube query "Tor浏览器" ("Tor Browser"). The video, posted in January 2022, had more than 64,000 views at the time of discovery (March 2022), Kaspersky reported. The installer deploys a modified Tor Browser configured to expose user data, including the list of installed software, browsing history, and data entered into web forms. The researchers also found that one of the libraries bundled with it is infected with spyware.
 
“More importantly, one of the libraries bundled with the malicious Tor Browser is infected with spyware that collects various personal data and sends it to a command and control server. The spyware also provides the functionality to execute shell commands on the victim machine, giving the attacker control over it [...] We decided to dub this campaign ‘OnionPoison’, naming it after the onion routing technique that is used in Tor Browser.” reads the analysis conducted by Kaspersky. 
 
The official Tor website is blocked in China as part of the country's extensive internet censorship, so users frequently obtain the browser from third-party sites. That habit makes them far more likely to be exposed to scams and tricked into downloading a malicious installer.
 
The campaign does not appear to be financially motivated: the spyware was not observed harvesting credentials or cryptocurrency wallets.
 
Kaspersky accordingly advises users and organisations in China to download software only from official sources rather than third-party websites, to avoid becoming targets of campaigns like this one.
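The practical check behind that advice is to verify a downloaded installer against a digest published by the software vendor before running it, rather than trusting whatever a cloud share or video description points to. The following is an added example, not code from Kaspersky, the Tor Project or this blog. It assumes the digest manifest uses the two-space `sha256sum` layout ("<hex digest>  <file name>") that the Tor Project's sha256sums-unsigned-build.txt follows, and that the manifest itself was fetched from the official site, not from the same mirror that served the installer. The installer bytes and the manifest in `demo()` are constructed for the demonstration.

```python
"""Verify a downloaded installer against a vendor-published SHA-256 manifest.

Added example (not Kaspersky's or the Tor Project's code). Assumes the
manifest uses the `sha256sum` two-space layout; file contents and manifest
below are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import tempfile


def parse_manifest(text: str) -> dict[str, str]:
    """Map file name -> lower-case hex digest. Blank and '#' lines are ignored."""
    digests: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {line!r}")
        digest, name = parts
        name = name.lstrip("*")  # sha256sum marks binary mode with a leading '*'
        if len(digest) != 64 or any(c not in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"not a SHA-256 digest: {digest!r}")
        digests[name] = digest.lower()
    return digests


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large installers do not sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path: str, manifest_text: str) -> str:
    """Return 'ok', 'mismatch' or 'unlisted' for the file at `path`.

    'unlisted' is treated as a failure by the caller: a file the vendor never
    published a digest for is exactly what a repackaged installer looks like.
    """
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo() -> dict[str, str]:
    """Write a genuine and a tampered installer (constructed) and check both."""
    genuine = b"MZ" + b"\x00" * 62 + b"genuine installer body (constructed)"
    tampered = genuine + b"\x90\x90 implanted payload (constructed)"
    listed = "tor-browser-windows-x86_64-portable.exe"  # assumed file name
    manifest = f"{hashlib.sha256(genuine).hexdigest()}  {listed}\n"
    results: dict[str, str] = {}
    with tempfile.TemporaryDirectory() as d:
        # 1. The file the vendor published: digest matches.
        p = os.path.join(d, listed)
        with open(p, "wb") as f:
            f.write(genuine)
        results["genuine"] = verify_download(p, manifest)
        # 2. A repackaged build under a different name: vendor has no digest for it.
        p2 = os.path.join(d, "tor-browser-windows-x86_64-portable-cn.exe")
        with open(p2, "wb") as f:
            f.write(tampered)
        results["renamed"] = verify_download(p2, manifest)
        # 3. Same name as the published file, but modified bytes: digest differs.
        with open(p, "wb") as f:
            f.write(tampered)
        results["modified-in-place"] = verify_download(p, manifest)
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

A digest only helps if it comes from a source the attacker does not control; a hash sitting next to the installer on the same cloud share proves nothing. The Tor Project also publishes detached OpenPGP signatures for its installers, and checking that signature against the project's signing key covers the case where the manifest itself has been swapped; the hash check above is the first, cheaper step, not a replacement for it.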
 

Crypto Scammers Hack Famous YouTube Channel ‘DALLMYD’ with 13 Million Subscribers

 

Popular YouTuber Jake Koehler (aka Scuba Jake) has disclosed that his channel, which has over 13 million subscribers and 1.75 billion views since it was established in 2011, was hijacked. Crypto fraudsters took control of the channel on September 9 and tried to defraud subscribers with a bogus giveaway involving Bitcoin (BTC) and Ethereum (ETH).

An analysis by the financial news and crypto analysis blog Finbold shows that the fraudsters siphoned about 1.01 BTC, worth nearly $21,000, through the fake giveaway. The investigation relied on the QR codes the scammers displayed for subscribers to scan before sending cryptocurrency.

The Bitcoin wallet behind the QR code recorded four incoming transactions totalling 1.0107 BTC, according to Blockchain.com. That is the amount known to have been siphoned from Jake's subscribers, but the real figure may be higher, as the fraudsters may have rotated wallets during the live broadcast.

The scam followed the pattern of other fraudulent incidents on YouTube in which scammers take an old interview with a well-known crypto personality, re-broadcast it as a live stream, and advertise the fake giveaway in the description. Scammers appear to prefer the live format because it lends the stream more credibility.

How fraudsters targeted Scuba Jake's subscribers

As part of the scam, the fraudsters changed the channel's name from ‘DALLMYD’ to ‘MicroStargey US,’ imitating the crypto-friendly American business intelligence company MicroStrategy.

The scammers then ran at least two live streams of an old video featuring former MicroStrategy CEO Michael Saylor, luring subscribers into sending cryptocurrency in the belief that they would receive a prize from Saylor or a multiplied return. The channel has since been restored, as Jake confirmed via an Instagram story on September 10.

Scammers leveraging YouTube to launch crypto scams 

Scammers are exploiting the YouTube platform to impersonate high-profile individuals and organizations. Earlier this year, in May, crypto scammers used a “double your funding” scheme to lure victims with the promise of large Bitcoin profits. Millions of dollars were stolen with the help of fake endorsements from Elon Musk, Jack Dorsey, and Cathie Wood.

The unidentified fraudsters made more than $1.3 million in just a few weeks by re-streaming an edited version of an old live panel discussion on cryptocurrency featuring Elon Musk, Jack Dorsey, and Cathie Wood at Ark Invest's “The ₿ Word” conference.

Furthermore, research by antivirus vendor Kaspersky found that, besides hijacking channels, fraudsters are increasingly working the comments section under videos to promote fake crypto services that offer certain coins at low prices. They usually target top-trending videos and leave comments promoting a fake “breach” in the crypto market, backed up with enticing statistics.