[MART] - Daily Diary #542 - Met YTStealer, a Malware Targeting Youtube Content Creators

CTAS-MAT ctas-mat at appgate.com
Thu Jun 30 21:48:52 UTC 2022

I hope everyone is doing well!

Below is the entry for today.

06/30/2022 - Daily Diary #542

Most malware covered in our Daily Diaries serve a generic purpose. If it's a Ransomware, a Botnet or a Backdoor, most malware are versatile enough to be used against a variety of organizations, or even private individuals. This week though, a new information-stealer malware, named YTStealer was disclosed. Information-Stealers usually grab whatever piece of valuable credential they can find - emails, internet banking credentials, social media accounts -, but YTStealer is more specific.

Upon execution, this malware grabs the current user’s YouTube cookies, and executes a headless browser with them, sending the attacker all the information regarding the user's public channel (name, number of subscribers, creation date, verification status, and if it's monetized), and send to the C2 server. The malware then is used to remotely operate the headless browser, allowing the attacker to operate the YouTube account from the machine as the owner itself.

YTStealer was found available on the DeepWeb as a malware-as-a-service, and reveals that not only generic-purpose malware has a market on the cybercrime underground. The hijacked accounts can either be used as a demand for ransom payment or to publish scam videos, advertising fraudulent cryptocurrency scams, or similar.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Duarte Domingues
Manager, MART

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220630/8e2f5464/attachment.htm>

More information about the MART mailing list