Streamjacking: Hacking Millions of Cryptocurrency Holders

With the advent of technologies like the cloud and different social media, streaming platforms like YouTube have flourished. However, cybercriminals use platforms like YouTube to propagate streamjacking and circulate crypto scams.

What could this mean for you or your organization? Let's jump right into it:

The Definitions of Cyberjacking and Streamjacking

Cyberjacking is a combination of two terms: cyber and hijacking. It is a cyberattack in which the attacker takes over the use of an online system, or uses electronic information, without permission. The attacker alters that information or uses the online service in an unauthorized way to perform fraudulent actions or scam the victim.

Cyberjacking is a highly illegal activity with severe consequences. Enterprises can prevent cyberjacking by contacting security firms like Packetlabs, whose experts are adept at dealing with various cybercrimes. 

Streamjacking is the latest form of cyberjacking, wherein attackers hijack streaming platforms to push scams and fraudulent actions. Streamjacking uses malicious ads, phishing links and pages, and other electronic lures that redirect users to download malicious apps or lead them to scam pages. Researchers have found that cybercriminals use YouTube for streamjacking.

YouTube Channel Propagating Streamjacking

According to recent research, attackers use streamjacking to hijack hundreds of YouTube channels around the globe and steal US$100,000 (or more) from crypto owners daily. After hijacking the YouTube channels, they propagate scams like the infamous "Elon Musk Branded Crypto Giveaway." By pushing fake streaming videos and scam pages, streamjacking cybercriminals steal millions of USD worth of crypto and then launder it.

The scope of this type of scam is alarming: it starts with malware that steals private information and account credentials, then targets individuals' crypto wallets, and it has the potential to do even more damage in the future, including extending to organizations.

The Streamjacking Attack Flow

The streamjacking attack has nothing to do with Elon Musk. However, cybercriminals use his name because he is closely associated with cryptocurrencies. He is not the only one whose name has been dragged into such scams. Attackers use malicious ads, fake crypto wallet links, malicious versions of popular software packages, search results, and phishing pages to reach their targets. So, how does this streamjacking scam work?

In this attack campaign, the cybercriminals make the victim believe there is a once-in-a-lifetime opportunity to double their crypto money. 

They advertise the profit by attaching the names of leading crypto-related personas (like Elon Musk). The campaign says, "Just send X Bitcoin to this address, and you will immediately get double the worth back to your wallet." To make users believe it, cybercriminals also hijack the Twitter accounts of high-profile celebrities and personas and spread the same messages there.

Once the live stream is started on a hijacked channel (with a thumbnail and a recording of an old Elon Musk conference video), YouTube sends a direct push notification to every subscriber of the original channel, which is another bonus for the threat actor, delivered by the platform itself.

Hijacking YouTube Channels As-A-Service

Guardio Labs researchers noticed that over the past few months, the scammers' distribution methods expanded in several directions. These scammers use advanced tools and online services (bought on dark web markets) that are bundled into malicious packages, cracked software, game mods, and even fake app installers.

RedLine stealer is one example of a full-blown package that enables attackers to steal data from large numbers of users. These tools steal session cookies, YouTube credentials, and other streaming platform information directly from the victim's Chrome browser. Attackers later use that stolen data to carry out scam campaigns and streamjacking.

Attackers have taken the crypto scam further with a dedicated scam page. As reported by Guardio Labs, "It is quite simple & duplicated using the same template and the same simple static code—changing colours & main brand/character from Elon Musk (in different poses) to other presenters." Cybercriminals tweak Elon Musk's image and the website's design to make it look more authentic, which is a common phishing tactic.

Conclusion

There are plenty of checks individuals can apply to protect themselves from streamjacking. No one should open unknown sites just because they display a renowned person's photo, or download software from unknown sites. Individuals must remain vigilant when transferring funds to any unknown address. Enterprises can also validate a crypto service through websites like blockchain.com to review a wallet's activity.
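The "send X, get double back" promise above can be checked against a wallet's actual history, which is the kind of review the conclusion recommends. The following is an added example, not code from the original post or from Packetlabs; it runs a simple heuristic over constructed sample transactions rather than live blockchain.com data: a genuine doubling promotion would repay every depositor at least 2x within a short window, while a giveaway-scam address shows many small deposits, no repayments, and outbound sweeps to an unrelated address.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    """One on-chain transfer. All values below are constructed, not real chain data."""
    time: int          # unix timestamp (seconds)
    sender: str
    receiver: str
    amount_btc: float


def giveaway_scam_score(wallet: str, txs: list[Tx], window_s: int = 3600) -> dict:
    """Score whether `wallet` behaves like a 'send X, get 2X back' giveaway address.

    For each inbound deposit, look for outbound payments back to the depositor of
    at least twice the deposit within `window_s`. Also total the funds swept to
    addresses that never deposited (consolidation/laundering pattern).
    """
    inbound = [t for t in txs if t.receiver == wallet]
    outbound = [t for t in txs if t.sender == wallet]
    repaid = 0
    for dep in inbound:
        refunds = sum(o.amount_btc for o in outbound
                      if o.receiver == dep.sender
                      and dep.time <= o.time <= dep.time + window_s)
        if refunds >= 2 * dep.amount_btc:
            repaid += 1
    depositors = {t.sender for t in inbound}
    swept = sum(o.amount_btc for o in outbound if o.receiver not in depositors)
    # Heuristic verdict: several depositors, none of whom ever got the promised 2x.
    likely_scam = len(inbound) >= 5 and repaid == 0
    return {"depositors": len(depositors), "deposits": len(inbound),
            "repaid": repaid, "swept_btc": swept, "likely_scam": likely_scam}


# Constructed sample: a giveaway-scam address and a wallet that really does pay back.
SCAM, PROMO, SWEEP = "SCAM_ADDR_PLACEHOLDER", "PROMO_ADDR_PLACEHOLDER", "SWEEP_ADDR_PLACEHOLDER"
SAMPLE_TXS = [Tx(100 * i, f"victim{i}", SCAM, 0.1) for i in range(1, 7)] + [
    Tx(700, SCAM, SWEEP, 0.55),          # take consolidated elsewhere, nothing returned
    Tx(100, "alice", PROMO, 0.1),
    Tx(200, PROMO, "alice", 0.2),        # genuine 2x repayment within the window
]

if __name__ == "__main__":
    for w in (SCAM, PROMO):
        print(w, giveaway_scam_score(w, SAMPLE_TXS))
```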

Remember: there are no free gifts on the Internet. Contact our team today to learn more about how to protect you and your organization against increasingly advanced threats like streamjacking... and subscribe to our newsletter for more free, zero-obligation security tips and news.
