Crypto cameras are everywhere. Another multi-million YouTube channel hacked
On March 23, hackers hacked the popular technology YouTube channel Linus Tech Tips , as well as several subsidiaries. The total number of subscribers of these resources is 21 million people. The attackers offered viewers not reviews of technology, but an advertisement for another fraudulent crypto project.
How it was hacked and who suffered
Over the past year, YouTube has been rocked by several high-profile cases of hacking popular channels and promoting scam projects. So, in September 2022, tens of thousands of viewers watched live a video that pretended to be a presentation of Apple’s blockchain products. The scammers replayed an old interview with Tim Cook, providing the video with the Bitcoin and Etherium logos, and adding links to a suspicious crypto site in the description.
The fake stream was not on the official channel. But that day, Cook was speaking at the Vox Media Code conference. The scammers clearly took advantage of this to mislead viewers.
In April 2022, a strange video appeared on the official YouTube channels of Lil Nas X, Eminem, Drake, Taylor Swift, Ariana Grande, Harry Styles, The Weeknd, Michael Jackson, Kanye West and other artists with the title “Free Paco Sans”. It turned out that the action is dedicated to the Spanish fraudster: the hackers demanded his release from prison.
Google is aware of the problem: back in 2021, security researchers explained exactly how hackers hack YouTube channels. It is not uncommon for channel owners to leave an email address for commercial offers. Attackers compose a letter posing as an advertiser. And as soon as the victim agrees to cooperate, the crooks send the documents in the form of a file uploaded to the cloud hosting.
The file is embedded with malware designed to steal cookies from the browser. This allows anyone to re-session their YouTube account by impersonating the blog owner.
How to protect yourself
Good Corporation announced that it has improved algorithms for detecting phishing and malicious emails, and also tightened account security rules. If you attempt to perform critical account activity on a new device, YouTube may ask you to do so from the computer or smartphone you were previously using.
In addition, the company’s experts recommend activating two-step verification and the Enhanced Secure Browsing feature . And before opening any files, they should be checked for viruses through services like VirusTotal .
The Verge journalist Tom Warren suggested another way to protect Google: you need to require confirmation of important actions on behalf of the second account that is attached to the channel. However, it is unclear whether the tech giant will implement such a measure.