YouTube content creator credentials are under siege by YTStealer malware


In online crime forums, specialization is everything. Enter YTStealer, a new piece of malware that steals authentication credentials belonging to YouTube content creators.

“What sets YTStealer aside from other stealers sold on the Dark Web market is that it is solely focused on harvesting credentials for one single service instead of grabbing everything it can get ahold of,” Joakim Kennedy, a researcher at security firm Intezer, wrote in a blog post on Wednesday. “When it comes to the actual process, it is very similar to that seen in other stealers. The cookies are extracted from the browser’s database files in the user’s profile folder.”

As soon as the malware obtains a YouTube authentication cookie, it opens a headless browser and connects to YouTube’s Studio page, which content creators use to manage the videos they produce. YTStealer then extracts all available information about the user account, including the account name, number of subscribers, age, and whether channels are monetized.


The malware then encrypts each data sample with a unique key and sends both to a command and control server.
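
A defender-side sketch of the behaviour described above, added as an example and not taken from Intezer's report or the original article: it flags a non-browser process that reads a browser cookie store, and raises the severity when the same process then launches a headless browser. The event schema, file names, process names and the `--headless` command-line match are assumptions, and the sample events are constructed.

```python
import json
import ntpath

# Assumed cookie-store file names: Chromium-family "Cookies", Firefox "cookies.sqlite".
COOKIE_STORES = {"cookies", "cookies.sqlite"}
# Assumed browser image names. Name matching is spoofable; in production also
# check the signer and install path of the process.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

# Constructed sample telemetry in a hypothetical schema, one JSON event per line.
SAMPLE_EVENTS = r"""
{"ts": 100, "pid": 4120, "type": "file_read", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "target": "C:\\Users\\ana\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies"}
{"ts": 200, "pid": 7788, "type": "file_read", "image": "C:\\Users\\ana\\Downloads\\obs-setup.exe", "target": "C:\\Users\\ana\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies"}
{"ts": 205, "pid": 7788, "type": "process_create", "image": "C:\\Users\\ana\\Downloads\\obs-setup.exe", "cmdline": "chrome.exe --headless --disable-gpu"}
{"ts": 300, "pid": 5100, "type": "file_read", "image": "C:\\Tools\\backup.exe", "target": "C:\\Users\\ana\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x.default\\cookies.sqlite"}
{"ts": 400, "pid": 6000, "type": "process_create", "image": "C:\\ci\\node.exe", "cmdline": "chrome.exe --headless=new"}
"""

def basename(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def detect(lines, window=300):
    """Return {pid: finding}. 'medium' = cookie store read by a non-browser;
    'high' = that read followed within `window` seconds by a headless launch."""
    cookie_reads = {}  # pid -> timestamp of the first suspicious cookie read
    findings = {}
    for line in lines.strip().splitlines():
        ev = json.loads(line)
        pid, image = ev["pid"], basename(ev["image"])
        if ev["type"] == "file_read" and basename(ev["target"]) in COOKIE_STORES:
            if image not in BROWSERS:  # browsers legitimately read their own store
                cookie_reads.setdefault(pid, ev["ts"])
                findings.setdefault(pid, {"image": image, "severity": "medium"})
        elif ev["type"] == "process_create":
            args = ev.get("cmdline", "").split()
            headless = any(a.startswith("--headless") for a in args)
            seen = cookie_reads.get(pid)
            if headless and seen is not None and 0 <= ev["ts"] - seen <= window:
                findings[pid]["severity"] = "high"
    return findings

if __name__ == "__main__":
    for pid, finding in detect(SAMPLE_EVENTS).items():
        print(pid, finding)
```

A headless launch on its own (the constructed `node.exe` event) is not flagged, since automation and testing tools do that routinely; it is the pairing with a cookie-store read that carries the signal.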

The structure of the YTStealer code and the unique identifier used for each sample lead Intezer to suspect that YTStealer is being sold as a service to other threat actors. Company researchers further noticed that files used to install the malware on victim computers loaded other credential stealers, including ones called RedLine and Vidar.

Many of the files are disguised as installers for legitimate tools or software. They included fake installers for:

  • OBS Studio, a piece of open source streaming software
  • Video editing software, including Adobe Premiere Pro, Filmora, and HitFilm Express
  • Audio applications and plugins such as Antares Auto-Tune Pro, Valhalla DSP, FabFilter Total, and Xfer Serum
  • Game mods and cheats for games such as Grand Theft Auto V, Roblox, Counter-Strike, and Call of Duty
  • Driver tools such as “Driver Booster” and “Driver Easy,” which bill themselves as a means for improving gaming computer performance
  • “Cracks” for legitimate software or services including Norton Security, Malwarebytes, Discord Nitro, Stepn, and Spotify Premium

Hardcoded into YTStealer is the domain youbot[.]options. It’s not immediately clear if the domain is associated with Youbot Solutions LLC, which is registered in the New Mexico registry of businesses. Attempts to reach the company for comment weren’t successful.

