YouTube accounts of content creators stolen to distribute malware

The cybersecurity company ESET has analyzed the distribution method of infostealer-type malware by hacking the accounts of content creators on YouTube.

The modality is not new, but it does cause damage to the affected YouTubers. By sending phishing emails, attackers have access to victims’ accounts. “Cyberattackers send an email in which they tempt the content creator with some type of agreement – they propose to sponsor or promote the account – and attach a supposed DropBox file with details of the commercial conditions.”

The file they send is the one that will spread the infostealer-type malware, through which they will obtain the access credentials of the target account (and even 2FA, two-factor authentication).

According to experts, this infostealer “includes a script that will delete the cookies from the computer and force the user to enter the account login credentials again, and at that moment it will send the information to the cyberattacker.”

When they obtain the access keys, they distribute the virus, usually sharing content other than that of the original account and deleting all old material.

Among the consequences for those affected is the possibility of the channel closing, or the demonetization of its videos, up to the loss of followers.

It is important to highlight that digital criminals also have a preference for YouTube channels that promote pirated video games. To carry out the attack, “they post links in the descriptions of the videos that actually take victims to sites that distribute infostealer-type malware.”

Regarding measures to protect yourself in the event of an account hack, the Google support team suggests as a first measure “recover the hacked Google account associated with the YouTube channel and update the password and activate two-factor authentication.”

Secondly, “revert any unwanted changes that the malicious actor may have made to the YouTube channel in order to avoid violations of copyright or Community Guidelines. In cases where the channel has been closed post-hack, once the Google account has been recovered, you can appeal the closure of a channel.”

The technology company makes available to those who are part of the YouTube Partner Program, an assistance team especially for the YouTube creator segment.

M.Pino

Source: descifrado

(Reference image source: Christian Wiediger in Unsplash)

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on Twitter and Instagram