YouTube stream-jacking attacks are becoming more dangerous

How to make money on YouTube
Image credit: Shutterstock (Image credit: Shutterstock)

So-called stream-jacking attacks are advancing at a worrying pace, according to new research from Bitdefender.

The cybersecurity firm claims that is has been keeping an eye on the trend since October 2023, as high-profile YouTube accounts were hijacked "to conduct a myriad of crypto doubling scams."

However, Bitdefender says this year has brought something new, as these attacks have been evolving over the past couple of months in order to reach a wider audience and make their spoofs of crypto-related news appear more legitimate than ever.

Advanced tactics

Such advancements involve coopting real and popular news announcements to monetize fake livestreams. For instance, threat actors conducted livestreams under the title "SpaceX Launch Starship Flight Test! Elon Musk gives update on Starship!" on popular YouTube channels that were marked as verified but which they had compromised. These are usually compromised using info stealing malware to gain access tokens.

Bitdefender also found these livestreams were artificially boosting the viewer count in order to lend further credibility to the stream. The scammers also used variants of the names of official channels. In the case of @SpaceX, they used @spacex1. 

Other events scammers have made use of include the trial of the SEC versus blockchain developer Ripple Labs. Bitdefender noticed multiple fake livestreams around the important November 30th date in that trial. The same was true when Changpeng Zhao stepped down as CEO of Binance, and Tesla's Cybertruck was launched.

Bitdefender has also noted the rise in deep fakes of popular figures in the crypto industry. The company says that "some of the observed deep fakes are of decent quality and could easily fool an untrained eye." These videos often ask viewers to scan a QR code to send over their crypto, with the promise of it being doubled.

The live chat for these streams is also disabled, in order to prevent viewers from calling out the scam. Only selected members can comment, or those that have been subscribed to the channel for a long time. However, Bitdefender found an example where one channel required a subscription duration of 52 years before messages could be sent. 

Bitdefender says these operations can be very profitable for threat actors, with potential earnings of over half a million dollars. It believes these figures are alarming, "and the need to raise awareness of such frauds is paramount."

MORE FROM TECHRADAR PRO

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Read more
A TV remote pointing at YouTube logo
YouTube warns of phishing video using its CEO as bait
ransomware avast
Ransomware, deepfakes, and scams: the digital landscape in 2024
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
Smartphone with new logo X twitter app background. Application twitter old blue bird change X black and white new.
Phishing campaign targets prominent X users, accounts at risk
Robotic hand clicking on captcha 'I am not a robot'.
Double clicking danger - experts warn just two clicks can let attackers steal your accounts
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
Latest in Security
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Avast cybersecurity
UK cybersecurity sector could be worth £13bn, research shows
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
Latest in News
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Meet create custom backgrounds
More AI features are coming to Google Workspace