Bitdefender IT security specialists have noticed an intensification of stream-jacking attacks operated through YouTube, scams that clone official accounts or take over existing ones. Unlike the campaign discovered in October 2023, cybercriminals have refined their attack techniques to target as many users as possible.
In addition to cloning the official accounts of public figures such as Elon Musk, attackers are also taking advantage of the popularity of crypto events to launch new scams. According to research, hackers have started using deepfake technologies to create fake videos of well-known people in the cryptocurrency sphere that lend more credibility to fraud attempts. One such scam targeted the image of MicroStrategy and its founder, Michael Saylor. He appears in a series of deepfake clips where he encourages the online community to find a QR code, scan it and then send a crypto amount to be doubled. Compromised channels use variations of the official MicroStrategy logo.
Some of these deepfake videos are made in good quality and can fool a less trained eye. To prevent victims from discovering their scams, the attackers disable the live chat section of the channel, except for members who have a special status or are long-term subscribers.
During the course of the investigation, hackers compromised a significant number of channels with very large subscribers – some with over a million, the largest with 12.5 million, which shows that these attacks have gained significant scale. Once attackers take control of a YouTube account, they make several changes to make it appear to viewers that the channel is owned by the entity they are cloning:
- changing the channel name;
- restrict access to videos that become private to hide previous content;
- changing channel pictures to reflect the new identity;
- changing or removing channel descriptions, links and any other sources that could lead to the identification of the original channel.
According to the analysis carried out by Bitdefender specialists, the potential earnings of the attackers are worth between 528,200 and 600,500 dollars, depending on the quotation of cryptocurrencies.
Recommendations for YouTube channel followers:
- Stay alert to videos with click-bait titles encouraging you to invest in cryptocurrencies or promising hefty profits.
- Never scan QR codes you see in videos promoting free crypto gifts.
- Report fraud you see and stay up to date with the latest fraud campaigns.
- Be careful about the channel names you watch – if they contain unusual characters or typos, it's more than likely that channel is fake.
- Use online security tools like Bitdefender Scamio, a free service that helps detect fraud attempts and other activities that can put your personal and financial data at risk.