YouTube Hacking Warning As Automated 2FA-Bypass Attacks Underway

Cybersecurity YouTube Hacking Warning As Automated 2FA-Bypass Attacks Underway Davey Winder Senior Contributor Opinions expressed by Forbes Contributors are their own. Co-founder, Straight Talking Cyber New! Follow this author to improve your content experience. Got it! Jun 30, 2022, 04:31am EDT | Share to Facebook Share to Twitter Share to Linkedin YouTube creators warned of automated account takeover attacks Future via Getty Images When it comes to credential theft and account takeovers, you might think that cybercriminals are somewhat indifferent as to what account is compromised.

This is true, to a degree. Some accounts are more valuable than others, an email account can hold the keys to various kingdoms for example, but any account hack is a win. Where specialization is a factor, and a profitable one at that, is within the assorted online forums where malware to attack specific account types is sold.

When the accounts in question are those belonging to YouTube creators, given the number of eyes these can attract, then it grabs my attention. Particularly when in the case of YTStealer it can effectively bypass 2FA protections. With YTStealer being sold as a service to cybercriminals, it should come as no surprise that security researchers have spotted fully automated YTStealer attacks underway with compromised accounts already being sold on the dark web.

MORE FROM FORBES Password Hacking-New Research Says Keyboard Audio Can Leak Your Secrets By Davey Winder According to a report from automated security intelligence provider Intezer, YTStealer is “malware whose objective is to steal YouTube authentication cookies. ” A credential harvester focused entirely on gaining control of YouTube creator accounts, be they of ‘influencer’ follower proportions or small fishes in this incredibly large content creation sea. Once this account compromise as a service malware has harvested the credentials, it’s up to the customer what they do with them: high-value accounts could be sold at profit or compromised in order to spam or spread further malware.

How does a YTStealer attack work? Then Intezer report discovered that game mods and trainers, or cheats if you prefer, were one of the target groups where YTStealer was dropped in the guise of an installer or a genuine application. These included various hacks for Counter-Strike Go, Call of Duty, and Roblox. Unsurprisingly, audio and video editing was another, with fake installers for the likes of Adobe Premiere Pro and Ableton Live 11 Suite among them.

There were also other targeted distribution routes including security and anti-virus tools (Norton and Malwarebytes) and ‘cracked’ software such as Spotify Premium. MORE FOR YOU iOS 15: Apple Issues 22 Important iPhone Security Updates Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking iOS 15 Is Available Now With These Stunning New iPhone Privacy Features Bleeping Computer reported that sandbox checks are run before YTStealer runs the installer, as well as checking that the system is a valid target for the malware. If everything gets a green light, at this stage YTStealer will scrutinize “the browser SQL database files to locate YouTube authentication tokens.

” If these are validated, then the malware will harvest channel names, subscriber counts and monetization status. A web automation utility is used so that the threat actor concerned doesn’t need to perform any manual intervention. Perhaps of most concern, though, Bleeping Computer also reported that “even if their accounts are secure with multi-factor authentication, the authentication tokens will bypass MFA and allow the threat actors to log into their accounts.

” MORE FROM FORBES This New Hack Swipes iPhone & Android Screens Without Touching Them By Davey Winder How can you protect yourself against a YTStealer YouTube account takeover attack? Intezer advises that YouTube creators, or any user for that matter, should practice good basic security hygiene and “only use software from trusted sources. ” Bleeping Computer, meanwhile, adds that the periodical logging out of YouTube accounts will act to invalidate previously created, or stolen, authentication tokens. I have reached out to Google/YouTube for a statement and will update this article should one be forthcoming.

Follow me on Twitter or LinkedIn . Check out my website or some of my other work here . Davey Winder Editorial Standards Print Reprints & Permissions.