Cyberattacks via various malware are becoming more and more frequent. A new malware, named YTStealer, has been identified. Its main aim is to steal the authentication cookies of YouTube content creators; once the cookies have been extracted, the next step is to take over their channels.
According to a blog post by Intezer, the malware is unusual in targeting only one thing: its sole purpose is to steal authentication cookies for the video-sharing site, and that narrow focus is what makes it effective.
The malware is delivered as bait: it is disguised as installers for video editing software such as Adobe Premiere Pro, OBS Studio, Filmora and other well-known editing packages.
Where the target is a video game streamer, it instead poses as cheats for popular games such as Counter-Strike or Call of Duty (COD), or as a mod for GTA V.
Before doing anything else, the malware performs an anti-sandbox check, using a tool the report refers to as Jackal. Once it decides it is not running in an analysis environment, YTStealer searches the SQLite database files in which browsers store their cookies, looking for YouTube authentication cookies.
The stolen cookies are then validated by loading them into a browser running in headless mode; if the session is genuine, the malware goes on to collect details about the victim's channel. All of this happens in the background, so the channel owner sees nothing.
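The two steps above, locating YouTube session cookies in a browser's SQLite store and checking whether they are still live, are also what an incident responder wants to reproduce when assessing a creator's exposure. The following Python script is an added example written for this article; it is not YTStealer's code and not from Intezer. It builds a constructed, trimmed-down copy of Chromium's `cookies` table in memory (real profiles hold many more columns), then lists the Google/YouTube session cookies it contains and whether each has expired. The cookie-name list (`SID`, `HSID`, `__Secure-1PSID`, `LOGIN_INFO` and so on) is an assumed set of well-known Google login cookies, not something the article states.

```python
"""Triage helper: list the YouTube/Google session cookies a Chromium-style
cookie database exposes, and flag which ones are still unexpired.

Added example for this article; not YTStealer's code.
"""
import sqlite3
import time
from datetime import datetime, timezone

# Seconds between the Windows/WebKit epoch (1601-01-01) and the Unix epoch.
# Chromium stores cookie expiry as microseconds since 1601-01-01.
WEBKIT_EPOCH_OFFSET = 11_644_473_600

# Cookie names that carry a Google/YouTube login session.
# Assumed list, not taken from the article; adjust to what your case shows.
SESSION_COOKIE_NAMES = {
    "SID", "HSID", "SSID", "APISID", "SAPISID",
    "__Secure-1PSID", "__Secure-3PSID", "LOGIN_INFO",
}


def webkit_to_unix(expires_utc: int) -> float:
    """Convert a Chromium expires_utc value to Unix seconds."""
    return expires_utc / 1_000_000 - WEBKIT_EPOCH_OFFSET


def unix_to_webkit(ts: float) -> int:
    """Inverse of webkit_to_unix, kept in integer microseconds."""
    return round(ts * 1_000_000) + WEBKIT_EPOCH_OFFSET * 1_000_000


def find_session_cookies(conn: sqlite3.Connection, now: float) -> list:
    """Return the Google/YouTube session cookies in the DB with expiry info."""
    rows = conn.execute(
        "SELECT host_key, name, expires_utc, is_secure, is_httponly "
        "FROM cookies "
        "WHERE host_key LIKE '%youtube.com' OR host_key LIKE '%google.com'"
    ).fetchall()
    found = []
    for host, name, expires_utc, is_secure, is_httponly in rows:
        if name not in SESSION_COOKIE_NAMES:
            continue  # preference/tracking cookies are not worth a token theft
        exp = webkit_to_unix(expires_utc)
        found.append({
            "host": host,
            "name": name,
            "expires": datetime.fromtimestamp(exp, tz=timezone.utc).isoformat(),
            "live": exp > now,          # a stealer only cares about live ones
            "secure": bool(is_secure),
            "httponly": bool(is_httponly),
        })
    return found


def build_sample_db(now: float) -> sqlite3.Connection:
    """Constructed sample: a trimmed-down Chromium 'cookies' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cookies (host_key TEXT, name TEXT, value TEXT, path TEXT, "
        "expires_utc INTEGER, is_secure INTEGER, is_httponly INTEGER)"
    )
    day = 86_400
    sample = [
        (".youtube.com", "LOGIN_INFO", "x", "/", unix_to_webkit(now + 400 * day), 1, 1),
        (".google.com", "SID", "x", "/", unix_to_webkit(now + 400 * day), 0, 0),
        (".google.com", "__Secure-1PSID", "x", "/", unix_to_webkit(now + 400 * day), 1, 1),
        (".youtube.com", "PREF", "x", "/", unix_to_webkit(now + 30 * day), 0, 0),  # not a session cookie
        (".google.com", "HSID", "x", "/", unix_to_webkit(now - day), 1, 1),        # already expired
        (".example.com", "SID", "x", "/", unix_to_webkit(now + day), 1, 1),        # wrong domain
    ]
    conn.executemany("INSERT INTO cookies VALUES (?,?,?,?,?,?,?)", sample)
    return conn


if __name__ == "__main__":
    now = time.time()
    for cookie in find_session_cookies(build_sample_db(now), now):
        print(cookie)
```

Two practical notes. On a real profile the `value` column is empty and the secret sits in an `encrypted_value` blob protected by the OS keystore (DPAPI on Windows, the Keychain on macOS), which is why a stealer has to run as the logged-in user to decrypt it; this script deliberately reads only names and expiry, which is all a triage needs. The `live` flag is the cheap local version of the check the malware performs with a headless browser: a cookie that has expired, or that the user has invalidated by signing out, is of no use to a buyer even if it was copied.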
Because the malware harvests any YouTube cookies it finds, regardless of channel size, victims range from small channels to large ones. Intezer believes that once an account has been fully mined it is sold on dark web marketplaces, with channels that have large audiences fetching higher prices. The buyer then uses the channel for their own scams, or blackmails the original owner into paying to get it back.
To reduce the risk of being hijacked by malware of this kind, content creators are advised to sign out of YouTube from time to time: signing out invalidates the server-side session, so any cookie YTStealer has already copied stops working. Note that this does nothing against a stealer still running on the machine, which simply harvests the next login, so it is a supplement to not running untrusted "cracked" software and cheats, not a replacement for it.