Cyber attacks through different malware are getting more frequent. A new malware, namely YTStealer, has been identified. The main goal of this malicious software is to steal information from the YouTube channels of different content uploaders. After extracting the data, the next step would be to take over their channel.
According to a blog post by Intezer, since the malware only focuses on a single thing, it carries more potential to steal the authentication cookies on the video sharing hub.
The malware carries out its operation by baiting the target where it’d imitate itself as a video editing software. The impersonated software includes Adobe Premier, OBS Studio, Filmora, and many other famous video editing software.
If the YouTube channel belongs to a video game streamer, the malware will depict itself as cheating codes for famous games such as Counter Strike or COD or as a mod for GTA V.
Before making itself at home, the malware would run an anti-sandbox check. This step is executed with the help of Chacal. Once the system has been approved for further actions, YTStealer starts by scrutinising the Structured Query Language (SQL) database files, which would lead it to the authentication cookies.
The cookies are verified through headless mode, if the tokens are authentic, then more data from the victim’s channel can be extracted. At this point, the owner of the channel won’t even realise what’s happening in the background.
As the malware only focuses on cookies and not on how big the channel is, the victim’s would range in different sizes. Once the account is fully extracted, it is later sold on dark sites, as believed by Intezer. Channels with a large following are sold at higher rates. After selling the account, the new owner would either use it for their own scams or blackmail the original owner for money in exchange for their account.
In order to prevent accounts from getting hacked through such malwares, it is advised that the content creators should keep logging themselves out from time to time to nullify cookies that might have been accessed by YTStealer.
Read next: About 75% Of Top Android Apps Used By Indian Users Contain Security Risks
According to a blog post by Intezer, since the malware only focuses on a single thing, it carries more potential to steal the authentication cookies on the video sharing hub.
The malware carries out its operation by baiting the target where it’d imitate itself as a video editing software. The impersonated software includes Adobe Premier, OBS Studio, Filmora, and many other famous video editing software.
If the YouTube channel belongs to a video game streamer, the malware will depict itself as cheating codes for famous games such as Counter Strike or COD or as a mod for GTA V.
Before making itself at home, the malware would run an anti-sandbox check. This step is executed with the help of Chacal. Once the system has been approved for further actions, YTStealer starts by scrutinising the Structured Query Language (SQL) database files, which would lead it to the authentication cookies.
The cookies are verified through headless mode, if the tokens are authentic, then more data from the victim’s channel can be extracted. At this point, the owner of the channel won’t even realise what’s happening in the background.
As the malware only focuses on cookies and not on how big the channel is, the victim’s would range in different sizes. Once the account is fully extracted, it is later sold on dark sites, as believed by Intezer. Channels with a large following are sold at higher rates. After selling the account, the new owner would either use it for their own scams or blackmail the original owner for money in exchange for their account.
In order to prevent accounts from getting hacked through such malwares, it is advised that the content creators should keep logging themselves out from time to time to nullify cookies that might have been accessed by YTStealer.
Read next: About 75% Of Top Android Apps Used By Indian Users Contain Security Risks
