YouTube content creator credentials are under siege by YTStealer malware


YouTube content creator credentials are under siege by YTStealer malware

Getty Images

In online crime forums, specialization is everything. Enter YTStealer, a new piece of malware that steals authentication credentials belonging to YouTube content creators.

“What sets YTStealer aside from other stealers sold on the Dark Web market is that it is solely focused on harvesting credentials for one single service instead of grabbing everything it can get ahold of,” Joakim Kennedy, a researcher at security firm Intezer wrote in a blog post on Wednesday. “When it comes to the actual process, it is very similar to that seen in other stealers. The cookies are extracted from the browser’s database files in the user’s profile folder.”

As soon as the malware obtains a YouTube authentication cookie it opens a headless browser and connects to YouTube’s Studio page, which content creators use to manage the videos they produce. YTStealer then extracts all available information about the user account, including the account name, number of subscribers, age, and whether channels are monetized.

The malware then encrypts each data sample with a unique key and sends both to a command and control server.

The structure of the YTStealer code and the unique identifier used for each sample leads Intezer to suspect that YTStealer is being sold as a service to other threat actors. Company researchers further noticed that files used to install the malware on victim computers loaded other credential stealers, including ones called RedLine and Vidar.

Many of the files are disguised as installers for legitimate tools or software. They included fake installers for:

  • OBS Studio, a piece of an open source streaming software
  • Video editing software, including Adobe Premiere Pro, Filmora, and HitFilm Express
  • Audio applications and plugins such as Antares Auto-Tune Pro, Valhalla DSP, FabFilter Total, and Xfer Serum
  • Game modes and cheats for games such as Grand Theft Auto V, Roblox, Counter-Strike, and Call of Duty
  • Driver tools such as “Driver Booster” and “Driver Easy,” which bill themselves as a means for improving gaming computer performance
  • “Cracks” for legitimate software or services including Norton Security, Malwarebytes, Discord Nitro, Stepn, and Spotify Premium

Hardcoded into the YTStealer is the domain youbot[.]solutions. It’s not immediately clear if the domain is connected to Youbot Solutions LLC, which is registered in the New Mexico registry of corporations. Attempts to reach the company for comment weren’t successful.


Source : https://arstechnica.com/?p=1863620

Leave a Comment

SMM Panel PDF Kitap indir
erotica x videos dorporn.com tamil sex mms telugupussy palimas.mobi xnxpunjabi سكس في جيم arabsexeporn.net سكس خلفى عربى gma voltes v cast teleseryehot.com a2z channel 11 山口理紅 javmobile.mobi rebdb-346
hentai artist cg hentaiact.com copipe manga سكس جامد موت hqtube.pro سكس بنات صغر richard yap family hdteleserye.com gen youtube downloader سكس مصرى فلاحه sexarabporn.net نيك كويتى hitozuma life: one time gal 2 madhentai.net hellabunna hentai
bazaar full movie chupaporn.com hind xxx vido 巨乳マニア javlibrary.pro 西野なこ جوني سنس pornovuku.info اكل كس fucking pornstar bukaporn.com marathi bhabhi sex xxx movies gonzo barzoon.info dj punjab