Article 60XGA YouTube content creator credentials are under siege by YTStealer malware

by Dan Goodin from Ars Technica - All content on (#60XGA)

In online crime forums, specialization is everything. Enter YTStealer, a new piece of malware that steals authentication credentials belonging to YouTube content creators.

"What sets YTStealer aside from other stealers sold on the Dark Web market is that it is solely focused on harvesting credentials for one single service instead of grabbing everything it can get ahold of," Joakim Kennedy, a researcher at security firm Intezer, wrote in a blog post on Wednesday. "When it comes to the actual process, it is very similar to that seen in other stealers. The cookies are extracted from the browser's database files in the user's profile folder."

As soon as the malware obtains a YouTube authentication cookie, it opens a headless browser and connects to YouTube's Studio page, which content creators use to manage the videos they produce. YTStealer then extracts all available information about the user account, including the account name, number of subscribers, age, and whether channels are monetized.

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/