YouTube streamjacking attacks are becoming more dangerous

So-called stream-jacking attacks are progressing at a worrying pace, according to new research from Bitdefender.

The cybersecurity firm claims it has been monitoring the trend since October 2023, when high-profile YouTube accounts were hijacked “to run a host of crypto-doubling scams.”

However, Bitdefender says this year has brought something new: in recent months these attacks have evolved to reach a wider audience and to make their parodies of crypto-related news seem more legitimate than ever.

Advanced tactics

Such developments include co-opting real and popular news announcements to monetize fake livestreams. For example, threat actors conducted livestreams under the title “SpaceX Launch Starship Flight Test! Elon Musk Provides Update on Starship!” on popular YouTube channels that were marked as verified, but which they had compromised. These channels are usually compromised by information-stealing malware used to obtain access tokens.

Bitdefender also discovered that these live streams artificially increased the number of viewers to make the stream even more believable. The scammers also used variants of the names of official channels. In the case of @SpaceX they used @spacex1.

Other events scammers have taken advantage of include the SEC vs. blockchain developer Ripple Labs trial. During that trial, Bitdefender noticed several fake livestreams around the key date of November 30. The same was true when Changpeng Zhao resigned as CEO of Binance and Tesla’s Cybertruck was launched.

Bitdefender has also noticed an increase in deepfakes of popular figures in the crypto industry. The company says that “some of the deep fakes observed are of decent quality and could easily fool the untrained eye.” These videos often ask viewers to scan a QR code to send their crypto, with the promise of it being doubled.

Live chat for these streams has also been disabled to prevent viewers from reporting the scam. Only selected members, or members who have been subscribed to the channel for a long time, can comment. Bitdefender even found an example where one channel required a 52-year subscription period before messages could be sent.
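The indicators described above (a look-alike handle such as @spacex1, a brand-name title on a channel that is not the brand's own, a chat gate longer than YouTube has existed, and a QR-code doubling promise) can be combined into a simple triage check. This is an added example, not code from Bitdefender or YouTube; the record fields (`handle`, `title`, `chat_min_subscription_years`, `text`), the `OFFICIAL` allow-list and the similarity threshold are assumptions, and the sample records are constructed.

```python
import re
from datetime import date
from difflib import SequenceMatcher

OFFICIAL = {"spacex"}                 # assumption: handles you treat as genuine
YOUTUBE_FOUNDED = date(2005, 2, 14)   # no subscription can predate the platform

def skeleton(handle):
    """Lowercase, drop '@' and trailing digits/separators, undo digit swaps."""
    h = re.sub(r"[\d._-]+$", "", handle.lower().lstrip("@"))
    return h.translate(str.maketrans("013", "ole"))

def lookalike_of(handle):
    """Return the official handle this one imitates, or None."""
    if handle.lower().lstrip("@") in OFFICIAL:
        return None
    sk = skeleton(handle)
    for real in OFFICIAL:
        if sk == real or SequenceMatcher(None, sk, real).ratio() >= 0.85:
            return real
    return None

def score_stream(s, as_of):
    """List the indicators from the article that a stream record matches."""
    reasons = []
    official = s["handle"].lower().lstrip("@") in OFFICIAL
    real = lookalike_of(s["handle"])
    if real:
        reasons.append(f"handle imitates @{real}")
    if not official and any(b in s["title"].lower() for b in OFFICIAL):
        reasons.append("brand named in title on a non-official channel")
    gate = s.get("chat_min_subscription_years")
    if gate is not None and gate > (as_of - YOUTUBE_FOUNDED).days / 365.25:
        reasons.append("chat gate longer than the platform has existed")
    if re.search(r"\bqr\b|doubl", s["text"].lower()):
        reasons.append("QR code or doubling promise")
    return reasons

TITLE = "SpaceX Launch Starship Flight Test! Elon Musk Provides Update on Starship!"
SAMPLE = [  # constructed records, not real stream data
    {"handle": "@spacex1", "title": TITLE, "chat_min_subscription_years": 52,
     "text": "Scan the QR code and your crypto will be doubled"},
    {"handle": "@SpaceX", "title": TITLE, "chat_min_subscription_years": None,
     "text": "Watch live"},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["handle"], score_stream(rec, date(2024, 1, 1)))
```

A hijacked verified channel keeps its own unrelated handle, so the title check and the chat-gate check matter as much as the handle comparison.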

Bitdefender says these operations can be highly profitable for threat actors, with potential revenues of more than half a million dollars. The company believes that these figures are alarming, “and that the need to raise awareness about such fraud is paramount.”

