Stream-jacking targets popular YouTube channels
New research from Bitdefender reveals a rise in 'stream-jacking' attacks against high-profile accounts in order to spread fraudulent messages.
The attacks may involve a full account takeover or simply luring followers to a mimicked channel with the promise of rewards using various techniques including livestream pop-ups, QR codes, and malicious links.
All of the top 10 hijacked accounts involved the Tesla brand and there's evidence that the tactic works. The maximum number of subscribers of a hijacked account observed was nearly 10 million, with the maximum number of views of a hijacked account about 3.6 billion.
The channels try to make themselves look official, with names like Tesla Official, Tesla US, Tesla News and Tesla (Inc). Many of these in fact use 'homoglyphs' where the letter L has been substituted for an uppercase i. They mostly use the same thumbnails featuring Elon Musk too.
What are described as 'livestreams' are in fact looped content of things like Tesla shareholder meetings. Where the comment section of the stream is enabled, only subscribers of 10 or more years standing are allowed to comment, preventing savvy users aware of the scam from alerting others. In some cases the streams are also boosted with inflated numbers of views and subscribers to make them look more legitimate.
At the root of all this are, of course, cryptocurrency scams. Scanning a QR code or clicking a link follows the familiar, "Send us X amount of crypto and we'll double it," pattern of fraud.
The scam is created using a phishing kit promoted on a Telegram channel. Bitdefender researchers have uncovered more than 1,300 videos that promote crypto scams on similar websites that likely came from the same phishing kit.
You can find out more along with tips to spot and prevent attacks on the Bitdefender blog.