• Latest
  • Trending
New YTStealer malware steals accounts from YouTube Creators

New YTStealer malware steals accounts from YouTube Creators

June 30, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Thursday, 16 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

New YTStealer malware steals accounts from YouTube Creators

by ITECHNEWS
June 30, 2022
in Infosec, Leading Stories
0 0
0
New YTStealer malware steals accounts from YouTube Creators

A new information-stealing malware named YTStealer is targeting YouTube content creators and attempting to steal their authentication tokens and hijack their channels.

In a space where multiple info-stealers compete for the attention of cybercriminals, the existence of YTStealer and its extremely narrow focus is peculiar.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

According to a report published today by Intezer, focusing on one goal has given YTStealer’s authors the capacity to make its token-stealing operation very effective, incorporating advanced, specialized tricks.

Targeting YouTube content creators

Since the YTStealer malware targets YouTube creators, most of its distribution uses lures impersonating software that edits videos or acts as content for new videos.

Examples of impersonated software that contain malicious YTStealer installers include OBS Studio, Adobe Premiere Pro, FL Studio, Ableton Live, Antares Auto-Tune Pro, and Filmora.

In other cases targeting gaming content creators, YTStealer is impersonating mods for Grand Theft Auto V, cheats for Counter-Strike Go and Call of Duty, the Valorant game, or hacks for Roblox.

The researchers also spotted cracks and token generators for Discord Nitro and Spotify Premium carrying the new malware.

According to Intezer, YTStealer is typically bundled with other information-stealers such as the infamous RedLine and Vidar. As such, it is mostly treated as a specialized “bonus” dropped alongside malware that targets password theft from a broader scope of software.

YTStealer functionality

The YTStealer malware runs some anti-sandbox checks before executing in the host, using the open-source Chacal tool for this purpose.

If the infected machine is deemed a valid target, the malware scrutinizes the browser SQL database files to locate YouTube authentication tokens.

Next, it validates them by launching the web browser in headless mode and adding the stolen cookie to its store. If it’s valid, YTStealer also collects additional information such as:

  • YouTube channel name
  • Subscriber count
  • Creation date
  • Monetization status
  • Official artist channel status

Launching the web browser in headless mode makes the whole operation stealthy to the victim, who wouldn’t notice anything strange unless they scrutinize their running processes.

To control the browser, YTStealer uses a library called Rod, a utility widely used for web automation and scraping. Hence, the YouTube channel information exfiltration happens without manual intervention from the threat actor.

Accounts sold on the dark web

YTStealer is fully automated and doesn’t discriminate between small or large YouTube accounts, stealing all of them and letting its operators evaluate their catch later.

Intezer believes the stolen YouTube accounts are sold on the dark web, with prices depending on the channel size. Obviously, the larger and more influential a YouTube channel, the more expensive it will be to purchase on dark web markets.

The buyers of those accounts typically use these stolen authentication cookies to hijack YouTube channels for various scams, usually cryptocurrency, or demand a ransom from the actual owners.

This is particularly dangerous for YouTube content creators because even if their accounts are secure with multi-factor authentication, the authentication tokens will bypass MFA and allow the threat actors to log into their accounts.

Therefore, it is suggested that YouTube creators log out of their accounts periodically to invalidate all authentication tokens that may have previously been created or stolen.

Source: Bill Toulas
Via: bleepingcomputer
Tags: New YTStealer malware steals accounts from YouTube Creators
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version