YouTube Hack — The Elon Crypto Scam — Part 1

Anussha Hari
6 min read · Apr 1, 2023


A Deep-dive into what has become a major problem in YouTube

Image by Coincu news

Hey there! You know what’s trending nowadays? Crypto and scams — seems like they go together like peanut butter and jelly. But wait, before you start thinking that I’m here to talk about some scammy cryptocurrency or a rug pull, hold your horses! I’m a cyber security person, and I love talking about hacks and malware — and most importantly, keeping you safe from them. So buckle up, we’re about to dive into a serious issue that is plaguing YouTube.

Where did it begin?

A few months back I was scrolling my YouTube feed when I noticed a live stream with Elon Musk’s face as the thumbnail. The channel was called “ARK Investment — Elon Musk”. Here is the Screenshot:

As the ever curious person that I am, I clicked on it. After a few minutes of watching it, I knew there was something wrong here. The channel had only this live stream, while the previous videos had been removed from the channel home page. This channel has over 2.68 lakh (268K) followers. I clicked to check the previous videos that they had uploaded.

To my surprise, none of them were related to crypto or Elon. I recognized those videos immediately. They were from a local business I knew. I had watched a few of their videos before, hence the recommendation of this live stream in my feed.

Okay! But why?

Had the local business I knew decided to get into crypto and started shilling bitcoin? Nah! The answer is much more obvious than that. The account was hacked. When I looked at the about section, it clearly showed that the account belonged to the said local business.

The people managing the account probably fell victim to a phishing attack. Now the account is compromised, and this group is running a live stream in which Elon Musk is talking about Bitcoin and the future. The chat facility is limited to subscribers only (although they would remove any comments calling out their scam).

What happened to this channel?

I knew I had to work fast. I tried contacting the local business over the phone. Since this had happened after working hours there was no one at the business to pick up the call. Luckily, after several failed attempts, I was able to get in touch with the staff. He had no idea what I was talking about but was kind enough to give me the phone number of their manager.

I went about calling the manager and relaying the whole story. Oh boy, was he suspicious! Even though he didn’t have a clue that their channel was compromised, he asked me if I could send him screenshots.

Finally, he got hold of the situation, and the account has now been restored. But this isn’t always the case. There are many channels compromised by this group (or groups) of hackers that never got restored.

The Hack

Recently, a famous YouTube channel called Linus Tech Tips got hacked. This sparked a lot of videos analyzing what could have potentially happened. That is why I wanted to share a story I witnessed first-hand.

Now, there are many ways in which a channel could be compromised. The most common would be having your credentials stolen through a phishing link. (Read here if you don’t want to get phished)

I can go on and on about these common attacks but in this article I want to focus on something new and powerful that has been compromising channels left, right and centre.

Session Hijacking

Picture this: you log in to YouTube to catch up on your favorite channels, and you’re in the zone, watching video after video. But suddenly, something comes up, and you need to close your browser. No worries, right? You can just reopen the browser, and voila! You’re still logged into YouTube, ready to pick up right where you left off. It’s a feature that we all know and love — because let’s be real, who wants to keep logging in every time they open a new tab? But have you ever wondered how this sorcery happens? Well, my friends, let me introduce you to the magical world of session tokens.

Session tokens are commonly used in web applications to maintain a user’s session across multiple requests, allowing them to remain logged in and access different parts of the application without having to re-authenticate each time.

Image by OWASP Foundation

If your session token ends up with a hacker, they could gain access to your account without knowing your username and password (even if you have the perfect password, as I explain here!).

Session token hijacking is a type of cyber attack where an attacker gains access to a valid user’s session token, allowing them to impersonate the user and gain unauthorized access to their account or sensitive information.

There are several ways in which session token hijacking can occur. One common method is through the use of a malicious script or malware that can steal session cookies or tokens stored in the user’s browser.

Another method involves intercepting the session token during transmission between the user’s browser and the server, either through network sniffing or through a man-in-the-middle attack. The malicious-script route is far more common than network sniffing.
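To make the above concrete from the defender's side, here is an added example (not code from the original post, and not how YouTube itself is implemented) of a minimal server-side session store. It shows how a session token keeps a user logged in, and two controls a service can put on top: binding the token to the client context it was issued to and revoking it when it turns up from somewhere else, and requiring a recent re-authentication for sensitive actions such as starting a live stream. All class, function and parameter names here are this example's own assumptions.

```python
# Added example (not from the original post): a minimal session store with
# two defences against a stolen session token:
#  1. the token is bound to the client it was issued to and revoked if it is
#     presented from a different one;
#  2. high-impact actions need a login more recent than STEP_UP_WINDOW.
# Names (SessionStore, client_fingerprint, ...) are this example's own.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

SESSION_TTL = 12 * 3600      # absolute lifetime of a token, in seconds
STEP_UP_WINDOW = 5 * 60      # a login older than this cannot authorise sensitive actions


@dataclass
class Session:
    user: str
    client_fp: str           # fingerprint of the client the token was issued to
    issued_at: float
    last_auth_at: float      # last time the user actually presented credentials
    revoked: bool = False


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Coarse description of the client; a replayed token usually arrives from a different one."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class SessionStore:
    def __init__(self) -> None:
        self._sessions: dict = {}      # keyed by hash of the token, never the token itself
        self.alerts: list = []         # what a SOC would be paged on

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash so that a dump of the store does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user: str, ip: str, user_agent: str, now: Optional[float] = None) -> str:
        """Issue a fresh, unguessable token after the user has authenticated."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = Session(
            user, client_fingerprint(ip, user_agent), now, now)
        return token

    def resolve(self, token: str, ip: str, user_agent: str,
                now: Optional[float] = None) -> Optional[str]:
        """Return the user behind a token, or None if unknown, expired, revoked or replayed."""
        now = time.time() if now is None else now
        s = self._sessions.get(self._key(token))
        if s is None or s.revoked:
            return None
        if now - s.issued_at > SESSION_TTL:
            s.revoked = True
            return None
        if not hmac.compare_digest(s.client_fp, client_fingerprint(ip, user_agent)):
            # Same token, different client: treat as a possible hijack and kill it.
            s.revoked = True
            self.alerts.append(f"token for {s.user} presented from {ip}; session revoked")
            return None
        return s.user

    def sensitive_action(self, token: str, ip: str, user_agent: str, action: str,
                         now: Optional[float] = None) -> bool:
        """Authorise a high-impact action only for a valid session with a recent login."""
        now = time.time() if now is None else now
        user = self.resolve(token, ip, user_agent, now)
        if user is None:
            return False
        s = self._sessions[self._key(token)]
        if now - s.last_auth_at > STEP_UP_WINDOW:
            self.alerts.append(f"{action} by {user} blocked: re-authentication required")
            return False
        return True


if __name__ == "__main__":
    store = SessionStore()
    tok = store.login("creator", "203.0.113.5", "Mozilla/5.0 (X11)")
    print(store.resolve(tok, "203.0.113.5", "Mozilla/5.0 (X11)"))   # creator
    print(store.resolve(tok, "198.51.100.9", "curl/8.0"))           # None, and an alert
    print(store.alerts)
```

Two caveats on the design: an infostealer that runs on the victim's own machine can copy the user agent along with the cookies, so client binding alone is a speed bump rather than a wall; the short lifetime, the step-up check on channel-altering actions, and a "sign out of all sessions" button that flips `revoked` are the layers that actually limit what a stolen token can do.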

In the case of Linus Tech Tips, one of their employees opened a brand deal / collaboration mail that contained a PDF. The employee opened the PDF because receiving contracts by email is fairly common for big channels like Linus Tech Tips. The PDF contained nothing of substance. But what the employee didn’t know was that upon opening this PDF, a malicious script fetched all the user data from the device (including session tokens, browser data, etc.) and sent it to the hacker. This happened in less than 30 seconds.

With this session token, the hacker was able to take over the channel and shill bitcoin. Now you may be wondering: what do the hacker(s) gain by shilling bitcoin? Well, my dear readers, you have to wait for part 2 for that. In this article, I would like to focus on the hacking aspect only; if you are interested in the crypto side of this, you can read about it in part 2.
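The takeovers described in this article leave a recognisable trail: a session token that is suddenly used from a new client, followed within minutes by a channel rename, videos being hidden and a live stream starting. Below is an added example (not code from the original post, and not YouTube's own logging or rules) of a small detector that runs over constructed session-activity log lines and raises those two signals. The log format, field names, sample lines and rule thresholds are this example's own construction.

```python
# Added example (not from the original post): a detector for the takeover
# pattern described above, run over constructed session-activity log lines.
# Rules: (1) a session id seen from a client other than its first one;
#        (2) BURST_THRESHOLD sensitive channel actions inside BURST_WINDOW.
# The log format, field names and sample data are this example's own.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sid=(?P<sid>\S+) user=(?P<user>\S+) "
    r"ip=(?P<ip>\S+) ua=(?P<ua>\S+) action=(?P<action>\S+)$")
SENSITIVE = {"channel_rename", "video_unlist", "video_delete", "live_stream_start"}
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 3   # this many sensitive actions inside the window trips the rule

# Constructed sample: session s1 behaves normally, then reappears from another
# client and immediately performs the actions typical of these takeovers;
# session s2 is an ordinary editor and must not alert.
SAMPLE_LOG = """\
2023-01-01T14:02:11Z sid=s1 user=studio_user ip=203.0.113.5 ua=Chrome/111 action=watch
2023-01-01T14:03:40Z sid=s1 user=studio_user ip=198.51.100.77 ua=Chrome/111 action=studio_open
2023-01-01T14:03:55Z sid=s1 user=studio_user ip=198.51.100.77 ua=Chrome/111 action=channel_rename
2023-01-01T14:04:10Z sid=s1 user=studio_user ip=198.51.100.77 ua=Chrome/111 action=video_unlist
2023-01-01T14:04:12Z sid=s1 user=studio_user ip=198.51.100.77 ua=Chrome/111 action=video_unlist
2023-01-01T14:05:01Z sid=s1 user=studio_user ip=198.51.100.77 ua=Chrome/111 action=live_stream_start
2023-01-01T14:10:00Z sid=s2 user=editor ip=203.0.113.6 ua=Firefox/110 action=watch
2023-01-01T15:10:00Z sid=s2 user=editor ip=203.0.113.6 ua=Firefox/110 action=video_upload
"""


def parse(log: str) -> list:
    """Turn log text into event dicts; malformed lines are skipped rather than fatal."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        events.append(e)
    return events


def detect(events: list) -> list:
    """Return alerts in time order; each has rule, sid, user, ts and detail."""
    alerts = []
    first_client = {}                      # sid -> (ip, ua) first seen
    flagged = set()                        # sids already alerted for new_client
    sensitive_times = defaultdict(list)    # sid -> timestamps of sensitive actions
    for e in sorted(events, key=lambda ev: ev["ts"]):
        client = (e["ip"], e["ua"])
        if first_client.setdefault(e["sid"], client) != client and e["sid"] not in flagged:
            flagged.add(e["sid"])
            alerts.append({"rule": "new_client", "sid": e["sid"], "user": e["user"],
                           "ts": e["ts"], "detail": f"now from {client[0]} / {client[1]}"})
        if e["action"] in SENSITIVE:
            times = sensitive_times[e["sid"]]
            times.append(e["ts"])
            recent = [t for t in times if e["ts"] - t <= BURST_WINDOW]
            if len(recent) == BURST_THRESHOLD:   # fire once, when the threshold is crossed
                alerts.append({"rule": "sensitive_burst", "sid": e["sid"], "user": e["user"],
                               "ts": e["ts"], "detail": f"{len(recent)} sensitive actions "
                               f"within {BURST_WINDOW}"})
    return alerts


if __name__ == "__main__":
    for a in detect(parse(SAMPLE_LOG)):
        print(a["ts"].isoformat(), a["rule"], a["sid"], a["user"], a["detail"])
```

The second rule matters because the first one is not reliable on its own: a token lifted by an infostealer may be replayed with the victim's own user agent, and some users legitimately roam between networks. A burst of channel-altering actions right after any change of context is the combination worth paging on, and it is also the point at which a platform could hold the live stream for review rather than letting it run.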

Conclusion

I know there have been many creators who have spoken about this particular kind of hack happening on YouTube. This isn’t new. It has been going on for over a year. The reason I too have joined the army of people speaking out on this topic is to spread awareness (and to get YouTube to do something about this!). Seriously, if you have a big subscriber count, then your account will most likely be restored fairly quickly. Imagine if you are a small YouTuber. Hacks like this can ruin your entire channel’s ad revenue. That is, if you get your account restored at all.

Therefore, it is important that we spread the message. These hackers share a common theme: “Bitcoin”, “Tesla”, “Open AI”, “Space X” and “Elon”, and the fact that all of these are live streams. It sounds like there should be ways for YouTube to restrict such content on its side.

So, I pass the baton to you, dear reader. Spread the message. Share any news, article or video that talks about this scam and spread the word. Let’s try our best to get some regulation from YouTube’s side for these scams.

That being said, I hope you liked this article. Do let me know what you think, and share with me if you have had any similar experience. Leave a clap if you liked it, and do follow me for more such cyber-related content!


Anussha Hari

Security Analyst who can talk all day everyday about keeping systems secure and protecting users. Buy me a coffee: buymeacoffee.com/anusshahp