YouTube channels are hacked

Google’s Threat Analysis Group recently warned that cybercriminals are hijacking YouTube channels with huge subscriber bases. This campaign is run by Russia’s Darknet Market Forum, a group of hackers strongly motivated by financial fraud and channel hijacking.

According to Google’s report, these hackers use various techniques to hijack YouTube channels; the favoured ones are phishing, malware injection and cookie-stealing malware. Another interesting point is that they are also recruiting hackers for two types of jobs, Light Advertising and Full Stack Advertising: in Light Advertising the hacker gets a 25% revenue share from hijacked channels, and 70% for Full Stack Advertising. The hijacked channels are being sold for between $3 USD and $4,000 USD on the Russian-speaking market forum.

Over the past 12 months, popular YouTube channels were hacked worldwide and live streams were broadcast promoting cryptocurrency, claiming that they had launched a new cryptocurrency, which was a scam. Since 2019 a large number of YouTube accounts have been hacked and videos deleted overnight, and YouTubers are struggling to recover them.

Let’s walk through in detail how YouTube accounts are being hacked and how you should protect yours.

How are YouTube channels hacked

Google’s Threat Analysis Group has published the most popular methods used by hackers to hijack YouTube channels. According to Google, it has blocked 1.6M messages to targets since May 2021 and restored 4K accounts.

Hackers use many techniques to hack a YouTube account; here are some of the popular methods:

  • Phishing
  • Malware
  • Cookie Stealing
  • Social Engineering

 

Phishing

Phishing is nothing new in the digital world. Earlier, cybercriminals used to phish YouTubers to steal their login credentials. This method was the most popular and its success rate was good until Google’s Safe Browsing technology and spam filters blocked these attempts. Google reported that more than 1,000 domains were used in the phishing campaign.

Google has published a list of the domains most used in these phishing attempts.


 

Malware

In this method, hackers collect the YouTube channel’s email address and reach out about sponsoring content, claiming they have launched a new software product such as an antivirus, a music player or COVID-19 tracking software. They convince YouTubers to install the malware, get into their computers and steal the account credentials. This method gives hackers a higher success rate than many other methods.

Here is the list of malware detected by Google:

  • RedLine (commodity)
  • Vidar (commodity)
  • Kantal (share code similarity with Vidar)
  • Predator The Thief (commodity)
  • Sorano (open source)
  • Nexus stealer (commodity)
  • Azorult (commodity)
  • Raccoon (commodity)
  • Grand Stealer (commodity)
  • Vikro Stealer (commodity)
  • Masad (commodity)
  • AdamantiumThief (open source)

 

Browser cookie stealing is another popular method of hacking YouTubers. It is the most powerful attack: the attacker steals the victim’s session cookies and changes the credentials. This attack also results from installing malware.

How to protect your YouTube channel from hackers

There is no guarantee that your account is unhackable, but you can help prevent a hack by following some security practices such as:

  • 2-factor authentication
  • Safe browsing warnings
  • Avoid spammy emails
  • Install software from trusted sources

 

Use 2-factor authentication. With this feature you can save your account even if your login credentials are in the wrong hands: each time you log in to your account you have to verify your passcode.

Most of us ignore the Safe Browsing warnings from our browser, but sometimes you will be notified if your password was breached or used somewhere. You must update your passwords regularly; if you can’t remember all your passwords, use a good password manager.

Avoiding spammy emails is another good practice. Cybercriminals sometimes use email spoofing to trap you, with fake advertising offers, fake copyright strikes and many other social engineering methods. You must be aware of who the sender is, and do some research before accepting sponsorship emails.

Always try to avoid clicking on spammy links. Hackers often hijack domains and inject fake software-update popups, which is why downloading software from trusted sources is recommended.
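One way to do that research on a sponsorship email, as an added example that is not from the original article or from Google: a Python check that pulls the links out of a message and flags any whose host is, or is a subdomain of, a domain on a blocklist written in the defanged `name[.]tld` notation used for published phishing indicators. The blocklist entries and the email below are constructed placeholders, not real indicators.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder indicators in defanged form (not real IoCs).
DEFANGED_BLOCKLIST = ["sponsor-offer[.]example", "files.free-editor[.]example"]

# Constructed sample sponsorship email.
SAMPLE_EMAIL = """\
Hi, we would like to sponsor your channel with our new video editor.
Product page: https://www.sponsor-offer.example/editor
Installer: hxxps://cdn.files.free-editor[.]example/setup.zip
Press kit: https://press.legit-brand.example/kit
Mirror: http://free-editor.example/setup.zip
"""

URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s<>\"']+", re.IGNORECASE)

def refang(text):
    """Turn defanged notation (hxxp, [.], (.)) back into a parseable form."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".")

def normalise_host(host):
    """Lower-case, drop a trailing dot and IDNA-encode the host name."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host

def is_blocked(host, blocklist):
    """True if host equals a blocked domain or is a subdomain of one."""
    host = normalise_host(host)
    # The leading dot stops "notevil.example" from matching "evil.example".
    return any(host == d or host.endswith("." + d) for d in blocklist)

def flag_links(email_text, defanged_blocklist):
    """Return (url, host) pairs from the email whose host is on the blocklist."""
    blocklist = {normalise_host(refang(d)) for d in defanged_blocklist}
    hits = []
    for raw in URL_RE.findall(email_text):
        url = refang(raw).rstrip(".,;)")
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed network location, skip it
            continue
        if is_blocked(host, blocklist):
            hits.append((url, host))
    return hits
```

A blocklist only catches domains that have already been reported, so a clean result does not make an attachment or installer safe to run.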


Final Words

These are the basic methods hackers use to hijack an account; there are even more advanced methods out there, but that’s a story for another day. Following these best practices will surely protect you from potential attacks. If your channel has already been hacked, you can contact YouTube about the hacked channel and recover it.

About Post Author

Indian Cyber Troops

Indian Cyber Work For Nation's Wellness And Nation's Security We Share new and unique things with you Jai Hind Jai Shri Ram