YTStealer Malware Targets YouTube Creators

A report from Intezer provides further analysis of a new information-stealing malware called YTStealer. YTStealer attempts to steal YouTube content creators’ authentication tokens and hijack their accounts.

Because YTStealer focuses on a single target, its authors can make the token theft operation very effective by incorporating advanced, specialized tricks.

Since the malware targets YouTube creators, most of its distribution relies on lures that impersonate software used to edit videos or to produce content for new videos. Software impersonated by malicious YTStealer installers includes OBS Studio, Adobe Premiere Pro, FL Studio, Ableton Live, Antares Auto-Tune Pro, and Filmora.

Researchers explain that YTStealer is bundled with other information-stealing malware. It is treated as a “bonus” dropped alongside malware that steals passwords from a wider range of software.

Before running on the host, the malware performs anti-sandbox checks using the open source tool Chacal. Once the machine is deemed a valid target, the malware searches the browser’s SQL database files for YouTube authentication tokens, then validates them by launching the web browser in headless mode and adding the stolen cookie to its store.
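A defender can hunt for the sequence described above by correlating two endpoint signals from the same process: a read of a browser cookie database and a headless browser launch. The following Python sketch is an added example, not code from Intezer's report or the original article; the event schema, file paths, process names and sample events are constructed assumptions, and the article does not state which browsers are targeted.

```python
import re

# Added detection sketch. Event schema, paths and process names are constructed
# assumptions; the article does not say which browsers YTStealer targets.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
COOKIE_DB = re.compile(r"[\\/]cookies(\.sqlite)?$", re.I)   # Chromium / Firefox stores
HEADLESS = re.compile(r"(^|\s)--?headless(=\S+)?(\s|$)", re.I)

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def correlate(events):
    """Return (pid, image) of non-browser processes that both read a browser
    cookie database and launched a browser in headless mode."""
    readers, launchers = set(), set()
    for ev in events:
        if basename(ev["image"]) in BROWSERS:
            continue  # a browser using its own cookie store is expected
        key = (ev["pid"], ev["image"])
        if ev["type"] == "file_read" and COOKIE_DB.search(ev["target"]):
            readers.add(key)
        elif (ev["type"] == "process_create"
              and basename(ev["child"]) in BROWSERS
              and HEADLESS.search(ev["cmdline"])):
            launchers.add(key)
    return sorted(readers & launchers)

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
COOKIES = r"C:\Users\demo\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"
LURE = r"C:\Users\demo\Downloads\video_editor_setup.exe"  # hypothetical installer

SAMPLE_EVENTS = [  # constructed telemetry
    {"type": "file_read", "pid": 4120, "image": LURE, "target": COOKIES},
    {"type": "process_create", "pid": 4120, "image": LURE, "child": CHROME,
     "cmdline": f'"{CHROME}" --headless --disable-gpu'},
    # Benign: the browser reading its own cookies.
    {"type": "file_read", "pid": 900, "image": CHROME, "target": COOKIES},
    # Benign: a test runner starts headless Chrome but never reads the cookie DB.
    {"type": "process_create", "pid": 5555, "image": r"C:\tools\node.exe",
     "child": CHROME, "cmdline": f'"{CHROME}" --headless=new about:blank'},
    # Benign: a backup agent reads the cookie DB but launches no browser.
    {"type": "file_read", "pid": 777, "image": r"C:\Backup\agent.exe", "target": COOKIES},
]

if __name__ == "__main__":
    for pid, image in correlate(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} image={image}")
```

Requiring both signals from one process keeps test runners and backup agents, which show only one of them, out of the results.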

The sources for this piece include an article in BleepingComputer.
