As one of today's most popular social media platforms, YouTube frequently attracts cybercriminals who exploit it to run scams and distribute malware. These schemes often involve videos masquerading as tutorials for popular software or ads for cryptocurrency giveaways. In other cases, fraudsters embed malicious links in video descriptions or comments, making them appear as legitimate resources related to the video's content.
The theft of popular YouTube channels elevates these fraudulent campaigns, allowing cybercriminals to reach a vast audience of regular YouTube users. These stolen channels are repurposed to spread various scams and info-stealing malware, often through links to pirated and malware-infected software, movies, and game cheats. For YouTubers, losing access to their accounts can be distressing, leading to significant income loss and lasting reputational damage.
Most YouTube channel takeovers begin with phishing. Attackers create fake websites and send emails that appear to be from YouTube or Google, tricking targets into revealing their login credentials. Often, these emails promise sponsorship or collaboration deals, including attachments or links to supposed terms and conditions.
If accounts lack two-factor authentication (2FA) or if attackers circumvent this extra security measure, the threat becomes even more severe. Since late 2021, YouTube content creators have been required to use 2FA on the Google account associated with their channel. However, in some cases, such as the breach of Linus Tech Tips, attackers bypassed passwords and 2FA codes by stealing session cookies from victims' browsers, allowing them to sidestep additional security checks.
Attackers also use lists of usernames and passwords from past data breaches to hack into existing accounts, exploiting the fact that many people reuse passwords across different sites. Additionally, brute-force attacks, where automated tools try numerous password combinations, can be effective, especially if users have weak or common passwords and neglect 2FA.
Recent Trends and Malware
The AhnLab Security Intelligence Center (ASEC) recently reported an increase in hijacked YouTube channels, including one with 800,000 subscribers, used to distribute malware like RedLine Stealer, Vidar, and Lumma Stealer. According to the ESET Threat Report H2 2023, Lumma Stealer particularly surged in the latter half of last year, targeting crypto wallets, login credentials, and 2FA browser extensions. As noted in the ESET Threat Report H1 2024, these tools remain significant threats, often posing as game cheats or software cracks on YouTube.
In some cases, cybercriminals hijack Google accounts and quickly create and post thousands of videos distributing info-stealing malware. Victims may end up with compromised devices that further jeopardize their accounts on other platforms like Instagram, Facebook, X, Twitch, and Steam.
Staying Safe on YouTube
To protect yourself on YouTube, follow these tips:
- Use Strong and Unique Login Credentials: Create robust passwords or passphrases and avoid reusing them across multiple sites. Consider using passkeys for added security.
- Employ Strong 2FA: Use 2FA not just on your Google account, but also on all your accounts. Opt for authentication apps or hardware security keys over SMS-based methods.
- Be Cautious with Emails and Links: Be wary of emails or messages claiming to be from YouTube or Google, especially if they request personal information or account credentials. Verify the sender's email address and avoid clicking on suspicious links or downloading unknown attachments.
- Keep Software Updated: Ensure your operating system, browser, and other software are up-to-date to protect against known vulnerabilities.
- Monitor Account Activity: Regularly check your account for any suspicious actions or login attempts. If you suspect your channel has been compromised, follow Google's guidance.
- Stay Informed: Keep abreast of the latest cyber threats and scams targeting you online, including on YouTube, to better avoid falling victim.
- Report and Block Suspicious Content: Report any suspicious or harmful content, comments, links, or users to YouTube and block such users to prevent further contact.
- Secure Your Devices: Use multi-layered security software across your devices to guard against various threats.