It is called YTStealer and, as the name suggests, it is malware designed to hit a very specific target: YouTubers. The malware steals authentication cookies from YouTube creators: the cookies that keep a user's session alive so that they can come back later without having to re-enter their login details.
YTStealer does not bother with other social networks; it is designed exclusively to steal YouTube credentials.
YouTube has long been a valuable resource for criminals who, by stealing the accounts of the biggest content creators, can push their scams to a very large audience.
YTStealer opens the browser in headless mode, i.e. in the background, without anything appearing on the screen. With the stolen cookies the attackers can then log into the YouTube Studio page remotely and publish whatever they want, for example a promotional video for a fake cryptocurrency contest.
The malware then steals everything that can be stolen: channel information, number of subscribers, which videos are monetized, and so on. The data is sent to a private server registered to a legitimate company in New Mexico. It is unclear whether the servers have been abused or whether the company in question is involved in the fraud; the first hypothesis is more likely.
The malware is distributed through cracked versions of popular video editing programs, such as OBS Studio and Adobe Premiere. “We don’t know how the stolen channels are being used, it’s not part of our investigation,” explain the Intezer researchers who discovered and reported the malware. “We think it’s likely they could be used to cheat channel subscribers.”
Source: Lega Nerd
