How YouTube Channels are getting HACKED?

Before writing this blog post, I have interacted with some of the Creators whose channels got hacked, who got back their channels & also the creators who didn't fall for the trap.




Let me discuss the attack scenario here, in the first step, the hacker(s) sends the victim (Creator), an email in the form of a sponsorship request, when the victim (Creator) accepts the request & proceeds, the hacker sends them the download link of a .zip file, it can be a Google Drive link, a MEGA link or a link to their site. Usually the .zip file is of very small size (which should alert the creator, if he/she notices it). When the victim (creator), downloads the .zip file & extracts it, he gets a .lnk file.

A .lnk file is basically a shortcut file, which is linked or associated with some other file. When the victim, double clicks on the .lnk file & opens it, a Windows PowerShell script starts running in background, which downloads a malware from the Internet & sends the information to the hacker's server.




I know that "No system is secure" but there is no unpatched vulnerability found on YouTube & as per my interaction with the Creators who have faced these kind of challenges, this is the way which the hackers are using to hack into YouTube Accounts.

In these kind of attacks, it does not matter whether you have turned on 2-factor Authentication for the Google account (the one which is linked to your YouTube Channel) or not, because here, the hacker does not use your username, password & OTP to hack into your account, they simply use a RAT (Remote Access Tool) or a Session Hijacking Tool, with the help of which they hijacks the active session of your Google Account. With the help of the active session of your Google Account, they transfer the channel ownership to their own Google Account, YouTube sends an email to the Victim for confirmation, but the hacker verifies & deletes the email before the victim notices it, after 24 hours, the channel gets transferred to the hacker's Google Account & the hacker gets full control of the channel.




How to be SAFE?

1. Don't trust sponsors easily.

2. Download & test softwares/apps from sponsors on a Virtual Machine or some other device, where you have not logged in from your Google Account.

3. Do proper recon & know your sponsors (whether they're legit or not).

4. Turn on 2-step-authentication (though it's of no help in this case).

5. Keep your password strong.

A strong password contains, letters, numbers, & special characters.



Here's an article/blog post from Tech Raj (400K Subscribers), describing his encounter with a hacker in the form of a sponsor. He realized it before things goes out of control & he was able to save his account/channel from getting hacked, not only that, he also analysed a malware & published a detailed report of the malware & it's working in his blog post.



There's another creator Foot Prints (33K Subscribers), his channel got hacked in late January/beginning of February, he got back his channel after 45 days. He tried to contact YouTube, even after getting the same automated response from them, he did not loose hope, he continued to struggle & finally got back his channel after 45 days.


The above attached video belongs to Foot Prints, no copyright infringement intended.

Thanks for reading. Have a nice day!

© 2020 BY ANUKIRAN GHOSH

  • Facebook Basic Black
  • Twitter Basic Black
  • Black Instagram Icon