Bitdefender shines light on YouTube channel hijacking


By Dylan Bushell-Embling
Wednesday, 11 October, 2023

Bitdefender shines light on YouTube channel hijacking

Cybercriminals are hijacking YouTube channels and video streams to spread scam links to phishing or fraudulent websites, according to a new report from Bitdefender.

The report details a rapid increase in YouTube stream-jacking attacks aimed at either taking full control of a real channel or redirecting victims to a spoof channel that closely mimics the legitimate one.

According to the report, the top 10 hijacked YouTube accounts have nearly 37 million subscribers between them, with the maximum number of views of a hijacked account observed being more than 3.6 billion, and all 10 accounts having nearly 10.4 billion views.

Most hijacked channels use a variation of the Tesla logo or the official logo, and the video titles often include Tesla, Elon Musk or SpaceX.

One popular method of hijacking a YouTube account involves sending a fake email to the owner of the account, usually offering a collaboration opportunity or notice of copyright infringement, and encouraging the owner to download a malicious file.

The file then steals credential data from the victim’s computer, allowing the attacker to bypass account verification features including two-factor authentication.

Once an account is compromised, attackers use methods such as embedding malicious QR codes into video streams to target viewers.

The report concludes that it is important for YouTube users to scrutinise videos with clickbait titles and avoid clicking on links that sound too good to be true or scanning suspicious QR codes.

YouTube channel owners meanwhile need to ensure accounts are set up using a unique and strong password that should be changed every three months, enable additional layers of security including multi-factor authentication, and install security solutions to protect against phishing and malicious attacks.

Image credit: iStock.com/contrastaddict

Related News

IMT sector was Australia's most targeted in 2023: report

The information, media and technology sector has been the Australian industry most targeted...

ISACA identifies gaps in AI knowledge, training and policies

85% of digital trust professionals say they will need to increase their AI skills and knowledge...

VNC accounts for nearly all remote desktop attacks

Virtual Network Computing accounted for 98% of remote desktop attacks recorded by Barracuda last...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd