YouTube channels are being hacked to spread scams and malware

For most, YouTube is a harmless video platform where you can relax and consume content about anything from makeup tutorials to book reviews. Unfortunately, like any other social media platform today, it can also be rife with scams, misinformation, and general bad actors.

Confirming this, a recent report from the AhnLab Security Intelligence Center (ASEC) found that a growing number of threat actors have been taking over well-known YouTube channels to distribute malware. 

Previously, it was more common for threat actors to create new channels without much traction. Now, many have been taking over popular channels to expand their reach — with one impacted channel boasting over 800,000 subscribers. 

Tricking victims into downloading

A common way bad actors trick victims into downloading malware is by posing as a legitimate software company, such as by breaching official websites or blogs. Other times, they add a listing to a file-sharing or torrent site.

Whatever the case may be, if someone finds themselves in this scenario, they could download malware instead of the genuine program they’re looking for. 

In the case of YouTube account takeovers, the threat actor uploads a video whose description links to a supposedly cracked version of a legitimate program, often making the offer appealing by advertising typically expensive software, such as Adobe's, for free. Other times, the video is built around a fake sponsorship, with the description link leading to a malicious download. According to ASEC, the program is usually hosted on MediaFire and compressed with password protection, most likely so that the computer's security solutions cannot inspect the archive's contents. 
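The password-protected archive is the part of this chain a defender can check for mechanically: a ZIP header records whether each member is encrypted, so a download can be flagged before anyone types in the password from the video description. The script below is an added example, not code from the article or from ASEC. It builds a small constructed ZIP in memory, patches a copy so its headers carry the "encrypted" flag (the way a real password-protected archive is stored), and then triages both with a rule that fires when an archive is password-protected and contains an executable. The file names, payload bytes and extension list are assumptions made for the example.

```python
import io
import struct
import zipfile

# ZIP general-purpose flag bit 0 means "this member is encrypted", i.e. password-protected.
ENCRYPTED_FLAG = 0x0001
LOCAL_SIG = b"PK\x03\x04"    # local file header, flags at offset 6
CENTRAL_SIG = b"PK\x01\x02"  # central directory entry, flags at offset 8

# Extensions a "cracked installer" lure would typically ship (assumed list for the example).
EXECUTABLE_SUFFIXES = (".exe", ".msi", ".bat", ".cmd", ".scr", ".js", ".vbs")


def build_sample_zip() -> bytes:
    """Constructed benign sample: an unencrypted ZIP with a placeholder 'installer'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("setup.exe", b"MZ" + b"\x00" * 64)   # constructed placeholder, not a real PE
        zf.writestr("readme.txt", b"run setup.exe")
    return buf.getvalue()


def set_encrypted_flag(data: bytes) -> bytes:
    """Patch every local and central header so the archive reports its members as
    encrypted. This simulates the on-disk shape of a password-protected ZIP; the
    standard library cannot create one, so the flag bits are set by hand."""
    out = bytearray(data)
    for sig, flag_off in ((LOCAL_SIG, 6), (CENTRAL_SIG, 8)):
        pos = out.find(sig)
        while pos != -1:
            off = pos + flag_off
            flags = struct.unpack_from("<H", out, off)[0] | ENCRYPTED_FLAG
            struct.pack_into("<H", out, off, flags)
            pos = out.find(sig, pos + len(sig))
    return bytes(out)


def encrypted_members(data: bytes) -> list[str]:
    """Names of members whose header marks them as password-protected."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]


def triage_download(name: str, data: bytes) -> dict:
    """Classify a downloaded file. The archive is flagged as suspicious when it is
    both password-protected (scanners cannot see inside) and carries an executable."""
    result = {"file": name, "is_zip": zipfile.is_zipfile(io.BytesIO(data)),
              "encrypted": [], "executables": []}
    if result["is_zip"]:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & ENCRYPTED_FLAG:
                    result["encrypted"].append(info.filename)
                if info.filename.lower().endswith(EXECUTABLE_SUFFIXES):
                    result["executables"].append(info.filename)
    result["suspicious"] = bool(result["encrypted"] and result["executables"])
    return result


if __name__ == "__main__":
    benign = build_sample_zip()
    locked = set_encrypted_flag(benign)
    for label, blob in (("benign.zip", benign), ("locked.zip", locked)):
        print(triage_download(label, blob))
```

The check reads only the headers, so it works even though the contents cannot be decrypted; that is exactly the property a scanner loses when it is handed a password-protected archive, and the reason the rule treats "encrypted plus executable inside" as worth blocking or quarantining for review.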

The Malware

The malware most commonly spread via YouTube has been the info stealers RedLine Stealer, Vidar, and Lumma Stealer. An info stealer is typically a trojan that hides itself on the victim's system and steals sensitive information such as passwords saved across all your browsers, general information about your computer, cookies, browser search history, credit card numbers, and more. According to WeLiveSecurity, Lumma Stealer is particularly nasty, also targeting 2FA browser extensions, crypto wallets, and more.

How to protect yourself from account takeovers and malware

This is an issue for creators and viewers alike. What can they do to avoid becoming a victim? 

In the case of YouTube, takeovers occur for the same reasons as any other type of account breach — lack of 2FA, threat actors using password combinations from previous breaches, phishing, and brute force. One YouTuber was even compromised because of hijacked session cookies. So, if you have a YouTube channel, ensure that you:

  • Enable 2FA: 2FA has been mandatory for monetized YouTube creators since late 2021. But it’s essential to have that extra layer of protection even if you’re not monetized, so implement it if you haven’t already. 
  • Practice password hygiene or use a passkey: You know the drill. Keep them long, with a variety of characters, and never reuse them. Ever. 
  • Approach emails with caution: Just because an email claims to be from Google or YouTube, that might not always be the case. So be extra careful when following links or downloading attachments.
  • Pay attention to account activity: If there is any suspicious login activity, you want to be the first to know.  
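The causes listed above (brute force, credential stuffing, hijacked session cookies) each leave a recognisable pattern in account activity, which is what "pay attention to account activity" amounts to in practice. The script below is an added example, not code from the article or from YouTube; it runs three simple detections over constructed log lines in an assumed format (timestamp, account, source IP, country, session id, event): a session id presented from more than one IP address, a burst of failed logins, and a successful login from a country the account has never used. The account names, IP addresses (from the RFC 5737 documentation ranges) and thresholds are all assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample activity log (not real data). Format is assumed:
# <ISO time> <account> <source ip> <country> <session id> <event>
SAMPLE_LOG = """\
2024-03-01T09:00:00 creator01 203.0.113.10 US sess-a1 login_ok
2024-03-01T09:05:00 creator01 203.0.113.10 US sess-a1 upload
2024-03-02T02:14:00 creator01 198.51.100.7 FR sess-a1 upload
2024-03-02T02:15:00 creator01 198.51.100.7 FR sess-a1 change_password
2024-03-03T11:00:00 creator02 192.0.2.5 DE sess-b7 login_fail
2024-03-03T11:01:00 creator02 192.0.2.5 DE sess-b7 login_fail
2024-03-03T11:02:00 creator02 192.0.2.5 DE sess-b7 login_fail
2024-03-03T11:03:00 creator02 192.0.2.5 DE sess-b7 login_fail
2024-03-03T11:04:00 creator02 192.0.2.5 DE sess-b7 login_fail
2024-03-03T11:06:00 creator02 192.0.2.5 DE sess-b8 login_ok
2024-03-03T12:00:00 creator02 192.0.2.99 BR sess-b9 login_ok
"""


def parse_log(log: str) -> list[dict]:
    """Split each line into a dict; timestamps become datetime objects."""
    events = []
    for line in log.strip().splitlines():
        ts, user, ip, country, sess, event = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "ip": ip,
                       "country": country, "sess": sess, "event": event})
    return events


def detect(events: list[dict], fail_threshold: int = 5,
           window: timedelta = timedelta(minutes=10)) -> list[tuple[str, str, str]]:
    """Return (account, rule, detail) alerts, in the order the evidence appears."""
    alerts = []
    session_ips = defaultdict(set)     # session id -> IPs that presented it
    seen_countries = defaultdict(set)  # account -> countries of successful logins
    recent_fails = defaultdict(list)   # account -> timestamps of recent failures

    for e in events:
        # Rule 1: one session cookie used from a second IP address looks like a
        # stolen cookie being replayed (the takeover vector mentioned in the article).
        ips = session_ips[e["sess"]]
        if ips and e["ip"] not in ips:
            alerts.append((e["user"], "session_reuse",
                           f"{e['sess']} also used from {e['ip']} ({e['country']})"))
        ips.add(e["ip"])

        if e["event"] == "login_fail":
            # Rule 2: repeated failures inside a sliding window suggest brute force
            # or credential stuffing; fire once when the threshold is reached.
            q = recent_fails[e["user"]]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:
                q.pop(0)
            if len(q) == fail_threshold:
                alerts.append((e["user"], "brute_force",
                               f"{fail_threshold} failed logins within {window}"))
        elif e["event"] == "login_ok":
            # Rule 3: a successful login from a country never seen for this account.
            known = seen_countries[e["user"]]
            if known and e["country"] not in known:
                alerts.append((e["user"], "new_country",
                               f"login from {e['country']} via {e['ip']}, known: {sorted(known)}"))
            known.add(e["country"])
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

The first rule is the one that matters most for the cookie-hijack case: the attacker never fails a login and never triggers 2FA, so the only signal is the same session appearing from a place the owner is not. The country baseline in rule 3 is built from the account's own history, so it needs a warm-up period before it is trustworthy.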

For casual YouTube watchers, you should take the previous points into consideration, keep up-to-date with cyber threats and scams, report and block suspicious content, and never click on links you aren’t entirely sure are safe. 
