As one of today's most popular social media platforms, YouTube is often in the crosshairs of cybercriminals who exploit it to peddle scams and distribute malware.
Thefts of popular YouTube channels up the game further.
By extending the reach of the fraudulent campaigns to untold numbers of regular YouTube users, they give the attackers the most bang for their buck.
Cybercriminals have long been known to repurpose these channels to spread crypto and other scams and a variety of info-stealing malware, often through links to pirated and malware-laden software, movies and game cheats.
YouTubers who have had their accounts stolen are in for a highly distressing experience, with the consequences ranging from loss of income to lasting reputational damage.
Nothing could be further from the truth with the threat becoming even more acute where the accounts were not protected by two-factor authentication or where attackers circumvented this extra safeguard.
In some cases, attackers needed neither passwords nor 2FA codes to hijack the channels.
In another tried-and-tested technique, attackers leverage lists of usernames and passwords from past data breaches to break into existing accounts, relying on the fact that many people reuse passwords across different sites.
In brute-force attempts attackers use automated tools to try numerous password combinations until they find the correct one.
This method yields fruits especially if people use weak or common passwords and skimp on 2FA. Just weeks ago, the AhnLab Security Intelligence Center wrote about a growing number of cases where cybercriminals hijack popular YouTube channels, including one with 800,000 subscribers, and exploit them to distribute malware such as RedLine Stealer, Vidar and Lumma Stealer.
As the ESET Threat Report H1 2024 shows, both tools remain a major menace and often pose as cheating software or video game cracks, including via YouTube.
In some scenarios, criminals hijack existing Google accounts and in the span of minutes create and post thousands of videos that distribute info-stealing malware.
People who fall victim to the attacks may end up having their devices compromised with malware that also steals their accounts on other major platforms such as Instagram, Facebook, X, Twitch and Steam.
These tips will go a long way towards keeping you safe on the platform, including if you're a YouTuber yourself.
For an added layer of security, use 2FA not just on your Google account, but on all your other accounts.
Be skeptical of emails or messages claiming to be from YouTube or Google, doubly when they ask for your personal information or account credentials.
The same goes for apps or other software that is promoted on YouTube unless they come from trusted and verified sources.
Regularly check your account activity for any suspicious actions or login attempts.
Stay informed about the latest cyberthreats and scams targeting you online, including on YouTube.
Report any suspicious or harmful content, comments, links, or users to YouTube.
This Cyber News was published on www.welivesecurity.com. Publication date: Tue, 02 Jul 2024 13:13:06 +0000