Hacker explains how YouTube channels are being stolen

Social engineering is the main weapon of attack, being much more important than malware itself.

Recently, a series of attacks has hit major Brazilian YouTube channels, such as Angry, a channel over 11 years old and one of the largest in the gaming niche, and Peter Jordan’s Ei Nerd channel, with over 10.8 million subscribers. The problem is drawing the attention of YouTubers of all sizes, precisely because of the risk of losing a channel to such a scam.

The „ethical hacker“ Gabriel Pato has published an analysis of the malware that may have been used to attack the channels. Gabriel explained a little about how the virus works (it is fairly simple), where it comes from, what kinds of information it steals, and what strategies were used to infect YouTubers.

It is worth mentioning that malware attacks are nothing isolated or even new: this kind of attack has happened countless times and has even created legal problems for YouTube.

Just as happened with YouTube channels abroad, and even in past examples here in Brazil, the main goal of the attacks is to use the channels as a bridge between their subscribers and a classic scam that steals cryptocurrency.

Hacker attack demonstrates knowledge and sophistication

One of the most interesting points of the attacks is that everything is done through a phishing tactic with a certain level of sophistication. The first wave of scams, which ended up taking over some medium-sized channels, focused on the gaming niche, precisely to lend more credibility to the tactic and to all the conversation that led up to the final attack.

Unlike most phishing attacks on the Internet, where millions of messages are sent in the hope that someone makes a mistake, the YouTube hackers have a targeted, direct strategy.

Until recently they have been looking for gaming channels, passing themselves off as independent game developers and offering test keys and paid advertising opportunities. Bruno Correa, a YouTuber with 7.15 million subscribers, told on his channel how someone pretending to be the developer of Slormite tried to run the scam on him.

In the video he also says that in one week, three scam attempts were made, all of them posing as independent developers. In one of the e-mails, posing as the developer of Spelunky 2, the „company“ offered $9,500 for the production of the video, plus a key to the game.

The problem became so common that even independent developers began to warn players and content creators about the risk of scams and the fake e-mails used by scammers.

Social engineering is the main weapon of attack, far more important than the malware itself. One of the main reasons for the group’s success is its use of e-mails from phishing domains and of language consistent with YouTube’s usual business activities.

Fake e-mails and polished language are part of the YouTube hacking scam

The scam starts with contact by e-mail or WhatsApp and, unlike simpler scams, the language is very similar to the kind of conversation that happens between content creators and developers.

There are mentions of the embargo (the period during which no information about the game may be disclosed) and several other terms that, even for those already used to this niche, lend credibility to the whole conversation.

In a video explaining what happened to his channel and how it was hacked, Angry revealed that it was exactly this PDF that misled him and caused serious damage to his channel (which has now been recovered).

What is interesting is the e-mail addresses used by the hackers. Previously they used the @gmail.com domain, but to further increase their chances of deceiving content creators, they recently started to buy their own domains.

In the case of the virus that stole Angry’s channel, the e-mail was sent from an address on the domain @cyberpunk2077.icu. Other creators were contacted from @cdprojektred.media.

As can be seen on CD Projekt Red’s official website, the company’s official e-mail domain is @cdprojekt.com.

As you can see, the similarity is enough to fool people who are not paying close attention to what is happening.

How does the malware that brought down the Angry channel work?

According to the investigation carried out by Gabriel Pato, the malware used in the recent attacks is known as RedLine, a well-known Russian application in cyberspace that is widely sold on hacking forums.

RedLine acts as a „stealer“, almost an evolution of the keylogger. A „stealer“ (the term simply means „thief“) specializes in the theft of different kinds of information and can be adapted for different campaigns.

It can be found on Russian forums for about $200 per month (subscription plan). Among its features, it can steal passwords and data saved in browsers, credit card numbers and passwords, and information about the system and the user, and it has recently been updated to also steal cryptocurrency wallets.

Returning to Gabriel Pato’s investigation, he discovered which server the virus communicates with once it is installed on the victim’s machine.

By analyzing the malware, Pato determined that it does not use all of its functions on infected computers. This RedLine build is programmed only to search for and steal data from the browser (cookies, saved passwords, location, etc.), as well as taking a screenshot of the user’s screen.

To make matters worse, RedLine has a series of barriers and features to evade simple antivirus analysis. Windows Defender and even other analyzers are not able to determine that there is something wrong inside the downloaded file.

All this data is compiled into a single file and sent directly to the control server mentioned just above. But why are the hackers interested in this data?

Well, the answer is simple: the most important information for this virus is the browser’s cache data and cookies.

The YouTube hackers’ virus can get past two-factor authentication

During the attacks, many asked whether the YouTubers were using two-factor authentication (2FA) to protect themselves. The problem is that, because of how RedLine operates, it can get past two-factor authentication: it steals not only the password but also the cookies and cache data, which allow the hacker to impersonate the same person.

Since 2FA is required for new logins, and RedLine steals the data from sessions where the login has already been completed and authenticated, no new authentication is requested. Within a few minutes the hacker can change every password he wants, without any kind of barrier.
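The mitigation for the situation described above is on the service side: a stolen session cookie should not be enough to change a password or rename a channel. The following is an added example (not YouTube’s or Google’s implementation, and not part of Gabriel Pato’s analysis) of a session store that requires a fresh second factor for sensitive actions, denies a cookie replayed from a different client, and supports a “sign out everywhere” revocation. The action list, the five-minute window, the client hint and the in-memory store are all assumptions made for illustration.

```python
"""Step-up authentication for sensitive account actions: a server-side
mitigation for stolen session cookies. Added example; policy values and the
in-memory store are assumptions, not any real provider's implementation."""
import secrets
import time
from dataclasses import dataclass

# A sensitive action is allowed only if password + 2FA were verified within
# this window, no matter how valid the session cookie is. Assumed value.
FRESH_AUTH_WINDOW_SECONDS = 5 * 60

# Actions that must never ride on a cookie alone (constructed list).
SENSITIVE_ACTIONS = {"change_password", "change_recovery_email",
                     "rename_channel", "disable_2fa"}


class ManualClock:
    """Clock whose time is advanced by hand, so the demo and tests can
    simulate a cookie stolen hours after the legitimate login."""
    def __init__(self, start=1_000_000.0):
        self.t = start

    def __call__(self):
        return self.t


@dataclass
class Session:
    user: str
    created_at: float
    last_strong_auth_at: float  # last time password AND 2FA were both verified
    client_hint: str            # e.g. user-agent family; cheap consistency check


class SessionStore:
    """In-memory session table keyed by the random cookie value."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable for tests
        self._sessions = {}

    def login(self, user, password_ok, mfa_ok, client_hint):
        """Full login: both factors required; returns the new cookie value."""
        if not (password_ok and mfa_ok):
            raise PermissionError("password and second factor are both required")
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = Session(user, now, now, client_hint)
        return sid

    def reauthenticate(self, sid, mfa_ok):
        """Step-up: refresh the strong-auth timestamp after a fresh 2FA prompt."""
        session = self._sessions.get(sid)
        if session is None or not mfa_ok:
            return False
        session.last_strong_auth_at = self._clock()
        return True

    def authorize(self, sid, action, client_hint):
        """Return (allowed, reason). Ordinary actions need only a live session;
        sensitive ones also need recent strong authentication."""
        session = self._sessions.get(sid)
        if session is None:
            return False, "no such session"
        if session.client_hint != client_hint:
            # A cookie presented from a different client than the one that
            # logged in is a classic sign of session theft: deny outright.
            return False, "client mismatch for this session"
        if action not in SENSITIVE_ACTIONS:
            return True, "ok"
        age = self._clock() - session.last_strong_auth_at
        if age > FRESH_AUTH_WINDOW_SECONDS:
            return False, (f"{action} requires a fresh second factor "
                           f"(last strong auth {age:.0f}s ago)")
        return True, "ok"

    def revoke_all(self, user):
        """'Sign out of all devices': invalidates every cookie a stealer may hold."""
        doomed = [sid for sid, s in self._sessions.items() if s.user == user]
        for sid in doomed:
            del self._sessions[sid]
        return len(doomed)


if __name__ == "__main__":
    clock = ManualClock()
    store = SessionStore(clock=clock)
    cookie = store.login("creator", True, True, "Chrome/Windows")
    clock.t += 2 * 3600  # two hours later the cookie is replayed by someone else
    print(store.authorize(cookie, "change_password", "Chrome/Windows"))
    print(store.authorize(cookie, "upload_video", "Firefox/Linux"))
    print("revoked sessions:", store.revoke_all("creator"))
```

The client-hint check is deliberately weak (a user-agent string is trivially copied along with the cookie); the control that actually blocks the password change is the freshness window, which forces a new 2FA prompt for the actions the article says the attacker performs within minutes of getting in.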

The virus may start a campaign against make-up channels

Also through his investigation, Gabriel Pato discovered that one of the domains (cyberpunk2077.icu) was registered with another e-mail address, katemiller8428@gmail.com, probably a fake e-mail or one stolen from someone in order to register the domains for the scam. What he also noticed is that new domains had recently been registered, all impersonating make-up brands:

  • avon-company.site
  • marykay-promo.sites
  • maybelline.space
  • mkglobal.site
  • marykayglobal.site

Given this, there is a high probability that the next wave of scams will target influencers and content creators who talk about make-up and may be in contact with these companies.

And in the end, why are they hacking YouTube channels?

A new game, Cyberpunk 2077, was released, so owners of gaming channels became the hackers‘ targets. The tactic is social engineering: offering some partnership and asking the channel owners to install software, in this case the virus.

The purpose of the scam is to run a second scam, this time with cryptocurrency, through the classic „send x Bitcoins and we will send back double“, which of course never happens.

The stolen channels have their names changed and run endless live streams with these promises of free Bitcoin for anyone who sends some amount of coins to a certain wallet.

It is not known whether the person stealing the accounts is the same one running the Bitcoin scam, or whether they sell access to these channels on the black market to those interested in running this kind of scheme.
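Both the CD Projekt look-alikes described earlier (@cyberpunk2077.icu, @cdprojektred.media versus the real @cdprojekt.com) and the make-up brand domains listed above share the same tell-tale signs: a brand name embedded in a domain the brand does not own, a cheap top-level domain, or a company pitch sent from a personal webmail account. The script below is an added example (not Gabriel Pato’s tooling) that triages sender addresses on those signals; a creator or a small MSP could run it over the From: headers of sponsorship mails before anyone opens an attachment. The legitimate domains other than cdprojekt.com, the TLD list, the webmail list and the similarity threshold are assumptions made for illustration, and the sample addresses are constructed from the domains named in the article.

```python
"""Triage of sender domains in sponsorship e-mails: flags look-alikes of the
brands a scammer impersonates. Added example; every list below except the
page's own domain names is an assumption for illustration."""
import re
from difflib import SequenceMatcher

# Legitimate sender domains. Only cdprojekt.com is stated in the article; the
# make-up brand domains are assumed here.
LEGIT_DOMAINS = {"cdprojekt.com", "avon.com", "marykay.com", "maybelline.com"}

# Brand names that should only ever appear in a legitimate sender domain.
BRAND_KEYWORDS = ("cdprojekt", "cyberpunk", "avon", "marykay", "maybelline")

# Cheap new-gTLD endings seen in the campaign (constructed list, extend as needed).
UNCOMMON_TLDS = {"icu", "site", "sites", "space", "xyz", "top"}

# Webmail providers: a studio or a cosmetics brand would not normally write from these.
FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

LOOKALIKE_THRESHOLD = 0.75  # SequenceMatcher ratio; assumed tuning value

_ADDR_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})$")


def sender_domain(address):
    """Return the lowercased domain of an e-mail address, or None if malformed."""
    m = _ADDR_RE.match(address.strip())
    return m.group(1).lower() if m else None


def split_domain(domain):
    """Split 'marykay-promo.sites' into ('marykay-promo', 'sites'), dropping subdomains."""
    label, _, tld = domain.rpartition(".")
    return label.split(".")[-1], tld


def classify_sender(address):
    """Return {'domain', 'verdict', 'reasons'} for one From: address.

    verdict is 'legitimate', 'suspicious' or 'unknown'; reasons is a list of
    (signal, detail) tuples so callers can log or score them.
    """
    domain = sender_domain(address)
    if domain is None:
        return {"domain": None, "verdict": "unknown", "reasons": [("malformed", address)]}
    if domain in LEGIT_DOMAINS:
        return {"domain": domain, "verdict": "legitimate", "reasons": []}

    label, tld = split_domain(domain)
    reasons = []

    # 1. Brand name embedded in a domain that is not the brand's own.
    for kw in BRAND_KEYWORDS:
        if kw in label:
            reasons.append(("brand_keyword", kw))

    # 2. Registrable label that closely resembles a legitimate one
    #    ('cdprojektred' vs 'cdprojekt', or a typosquat).
    for legit in sorted(LEGIT_DOMAINS):
        legit_label, _ = split_domain(legit)
        if SequenceMatcher(None, label, legit_label).ratio() >= LOOKALIKE_THRESHOLD:
            reasons.append(("lookalike", legit))

    # 3. Domain under a cheap TLD favoured by throwaway registrations.
    if tld in UNCOMMON_TLDS:
        reasons.append(("uncommon_tld", tld))

    # 4. A company pitch arriving from a personal webmail account.
    if domain in FREEMAIL:
        reasons.append(("freemail", domain))

    verdict = "suspicious" if reasons else "unknown"
    return {"domain": domain, "verdict": verdict, "reasons": reasons}


def triage(addresses):
    """Classify a batch of addresses; returns [(address, verdict, reasons), ...]."""
    results = []
    for address in addresses:
        r = classify_sender(address)
        results.append((address, r["verdict"], r["reasons"]))
    return results


if __name__ == "__main__":
    # Constructed sample From: addresses built from the domains named in the article.
    SAMPLE_SENDERS = [
        "contact@cdprojekt.com",
        "press@cdprojektred.media",
        "marketing@cyberpunk2077.icu",
        "partnerships@avon-company.site",
        "promo@marykay-promo.sites",
        "team@maybelline.space",
        "info@mkglobal.site",
        "katemiller8428@gmail.com",
    ]
    for addr, verdict, reasons in triage(SAMPLE_SENDERS):
        print(f"{verdict:10} {addr:32} {reasons}")
```

Note the limits: mkglobal.site is caught only by its TLD, because the abbreviated brand name defeats the keyword and similarity checks, and the freemail signal is only meaningful when the message claims to speak for a company. The verdict is a prompt for a human to verify the sender through the brand’s official contact page, not a block decision.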

Bitcoin „Gold“ and „Diamond“: this duo of BTC hard forks suddenly rallied out of the blue

The first and largest crypto asset by market capitalization, Bitcoin (BTC), has recently been on an impressive rally. Bitcoin (BTC) broke the $16,000, $17,000 and $18,000 resistance levels to trade at a new yearly high of $18,940. Not only Bitcoin but also the altcoin space was hit by the explosive rally. The second-largest cryptocurrency, Ethereum (ETH), reached a record level above $500, a level last seen in 2018.

The third-largest cryptocurrency, Ripple (XRP), stole the show when it broke the key $0.3 resistance to trade at a level close to $0.5. Other altcoins from the top 100 also set off on breathtaking rallies. Bitcoin, the leader of the crypto market, has received various stamps of approval.

Rick Rieder, CIO of BlackRock’s Fixed Income division, recently stated that „Bitcoin is here to stay, because it will take the place of gold to a large extent [because] it is more functional than passing a bar of gold around“.

Bitcoin is sometimes called „digital gold“ because of its unique store-of-value properties. The most ardent Bitcoin supporters believe that it will eventually take a significant share of gold’s market capitalization as more investors realize its usefulness. Priced in gold, 1 Bitcoin is currently worth 9.961 ounces.

It seems unlikely that this is the start of a longer rally for these crypto assets

The Bitcoin forks Bitcoin Gold (BTG) and Bitcoin Diamond (BCD) may be less popular, but they highlight the intrinsic value of the flagship asset.

Interestingly, this duo of BTC hard forks rallied together with the other altcoins after lying dormant earlier. Over seven days, Bitcoin Gold (BTG) and Bitcoin Diamond (BCD) rose by 29% and 21% respectively. The question remains: why would these previously dormant coins suddenly rise? Nobody is sure yet what led to their rallies. It seems unlikely that this is the start of a longer rally for these crypto assets.

Bitcoin Gold (BTG) is currently 74th in the coin market, and Bitcoin Diamond (BCD) is in 97th place. Bitcoin Gold (BTG) is currently trading at $9.57.

Bitcoin „Gold“ and „Diamond“

Bitcoin Gold is an open cryptocurrency, a hard fork of Bitcoin (BTC). Bitcoin Gold was created to „decentralize Bitcoin again“. This may sound contradictory, since Bitcoin is already decentralized, but it had to do with the mining process. The goal was to change the Proof of Work (PoW) mining algorithm, because the mining process is slower on specialized devices than on standard ones. The creators of Bitcoin Gold also focused on issues related to distribution, transparency and protection, in addition to the goal of „re-decentralization“.

Schnorr signatures are on the roadmap, which would make it possible to sign many inputs with a single signature, so that there would be enough room in the blockchain and it would not overflow.

This feature could make BTG grow like everything else, together with the integration of the Lightning Network.

Within five years Bitcoin Gold may finally achieve this thanks to the implementation of the BTG Plasma Specification Project. Analysts have mentioned that this could put Bitcoin Gold in the ranking of the 20 largest cryptocurrencies.

Bitcoin Diamond (BCD) is also a hard fork of Bitcoin. The fork, which occurred at block height 495866, introduced changes including a new validation algorithm that discourages attacks on the network, and segregates transaction signatures from the transactions in the chain for additional throughput, allowing a greater number of transactions per second across the whole network.

Polkadot launches new DEX – will Ethereum face competition?

In the DeFi hype, new projects are created every day. One of them is a new decentralized exchange on Polkadot. The Ethereum competitor is making great strides and now provides the first decentralized exchange on Polkadot.

First Polkadot DEX launched

Today was the official launch of the Polkastarter DEX. The platform was designed for cross-blockchain token pools and auctions, with the aim of enabling projects to raise capital on the Polkadot network.

Polkastarter was officially announced in September when the project listed its native Bitcoin Future token on Uniswap. It has now gone live with the first liquidity pool offering rewards for swapping ETH for POLS.

There are two other pools still in the testing phase to offer swaps with SpiderDAO, an online privacy-based project.

What are the advantages of the DEX?

Although Polkastarter is entering an already crowded DEX ecosystem, it will add new features like cross-chain pools, support for any asset, fixed swap pools, and a secure, listed pool.

It also allows projects to list tokens at a fixed price. This should help ensure less volatility at launch as prices will be maintained as long as the original inventory of tokens remains.

The DEX already has a growing list of partners, including the secure data transfer platform Shyft Network; the Moonbeam Network, which works with the Solidity programming language; the automated liquidity provider Orion Protocol; the API service provider Covalent; and the open-source oracle platform Decentralised Information Asset (DIA).

Institutional investor Digital Finance Group has also pledged financial support for the platform.

Polkadot, which operates the new DEX, has openly stated that it targets Ethereum and wants to „go well beyond the current ERC-20 standard.“


Polkastarter’s native POLS token hit a price of USD 0.85 shortly after it launched in September. But like most of the new DeFi tokens, there was a strong sell-off afterwards.

Now that the DEX is finally going live, the POLS price has also risen. Overall, the token has gained almost 100% since the beginning of December. Polkadot’s native DOT token has been relatively unchanged since peaking above $6.30 in early September.

We are curious how the coming weeks and months will affect Polkadot and the various decentralized applications.