• Home
  • /Learn
  • /Streamjacking: Hacking Millions of Cryptocurrency Holders
background image


Streamjacking: Hacking Millions of Cryptocurrency Holders


With the advent of technologies like the cloud and different social media, streaming platforms like YouTube have flourished. However, cybercriminals use platforms like YouTube to propagate streamjacking and circulate crypto scams.

What could this mean for you or your organization? Let's jump right into it:

The Definitions of Cyberjacking and Streamjacking

Cyberjacking is a combination of two terms: cyber and hijacking. It is a cyberattack where the attacker alters the usage of the online system or uses electronic information without permission. The attacker changes the information or uses the online services in an unauthorized form to perform fraudulent actions or scam the victim.

Cyberjacking is a highly illegal activity with severe consequences. Enterprises can prevent cyberjacking by contacting security firms like Packetlabs, whose experts are adept at dealing with various cybercrimes. 

Streamjacking is the latest form of cyberjacking, wherein the attackers hijack streaming platforms to release scams and fraudulent actions. Streamjacking uses malicious ads, phishing links and pages, and other electronic data that redirects them to download malicious apps or leads them to scam pages. Researchers have found that cybercriminals use YouTube for streamjacking.

YouTube Channel Propagating Streamjacking

According to recent research, attackers use streamjacking to hijack hundreds of YouTube channels around the globe and steal US$100,000 (or more) from crypto owners daily. After hijacking the YouTube channels, they propagate scams like the infamous "Elon Musk Branded Crypto Giveaway." By pushing fake streaming videos and scamming pages, streamjacking cybercriminals snitch millions of USD worth of crypto and perform crypto laundering operations.

The capacity of this type of scam is alarming, starting with malware that steals your private information and accounts and later on targeting individuals' crypto wallets—all with the potential to do even more damage in the future, with the possibility of extending to organizations.

The Streamjacking Attack Flow

The streamjacking attack has nothing to do with Elon Musk. However, cybercriminals use his name as he is closely associated with cryptocurrencies. He is not the only one whose name got dragged into such scams. Attackers use malicious ads, fake crypto wallet links, malicious yet prevalent software packages, search results, and phishing pages to reach the target users. So, how does this streamjacking scam work? 

In this attack campaign, the cybercriminals make the victim believe there is a once-in-a-lifetime opportunity to double their crypto money. 

They show the profit by tagging the names of leading crypto-related personas (like Elon Musk). The campaign says, "Just send X Bitcoin to this address, and you will immediately get double the worth back to your wallet." To make users believe, cybercriminals hijack the Twitter accounts of high-profile celebs and personas and spread these messages.

Once this live stream is activated on a hijacked channel (with a thumbnail and record an old Elon Musk conference video), it will notify all subscribers of the original channel with a direct push notification—another bonus for the threat actor sponsored by YouTube.

Hijacking YouTube Channels As-A-Service

Guardio Lab researchers noticed that over the past few months, the thieves’ propagation shifted to more dimensions. These scammers use advanced tools and online services (bought from the dark web markets) as part of malicious packages, hacked software, game mods, and even fake app installers. 

RedLine stealer is one such example of a full-blown package that enables attackers to steal the data of mass users. These tools steal session cookies, YouTube credentials, and other streaming platform information directly from the victim's Chrome browser. Later, attackers use them to carry out scam campaigns and streamjacking.

Attackers took the crypto scams to another level by using a scam page. As reported by Guardio Labs, "It is quite simple & duplicated using the same template and the same simple static code—changing colours & main brand/character from Elon Musk (in different poses) to other presenters." Cybercriminals are tweaking Elon Musk's image and the website's design to make it look more authentic, which is a common phishing tactic.


There are plenty of checkpoints individuals can review to stay away from streamjacking. No one should open unknown sites just because they have a renowned person's photo or download software from unknown sites. Individuals must remain vigilant while transferring funds to any unknown address. Enterprises can also validate a crypto service through websites like blockchain.com to review wallet activities.

Remember: there are no free gifts on the Internet. Contact our team today to learn more about how to protect you and your organization against increasingly advanced threats like streamjacking... and subscribe to our newsletter for more free, zero-obligation security tips and news.

Sign up for our newsletter

Get the latest blog posts in your inbox biweekly!