New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators

2022-06-29 22:37

Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies.

"What sets YTStealer aside from other stealers sold on the dark web market is that it is solely focused on harvesting credentials for one single service instead of grabbing everything it can get ahold of," security researcher Joakim Kenndy said in a report shared with The Hacker News.

The reasoning given behind targeting content creators is that it uses one of the installed browsers on the infected machine to gather YouTube channel information.

It achieves this by launching the browser in headless mode and adding the cookie to the data store, followed by using a web automation tool called Rod to navigate to the user's YouTube Studio page, which enables content creators to "Manage your presence, grow your channel, interact with your audience, and make money all in one place."

From there, the malware captures information about the user's channels, including the name, the number of subscribers, and its creation date, alongside checking if it's monetized, an official artist channel, and if the name has been verified, all of which is exfiltrated to a remote server carrying the domain name "Youbot[.]solutions."

"Price, so access to more influential Youtube channels would command higher prices."

News URL

https://thehackernews.com/2022/06/new-ytstealer-malware-aims-to-hijack.html

#malware #youtube