So-called stream-jacking attacks are advancing at a worrying pace, according to new research from Bitdefender.
The cybersecurity firm claims that is has been keeping an eye on the trend since October 2023, as high-profile YouTube accounts were hijacked "to conduct a myriad of crypto doubling scams."
However, Bitdefender says this year has brought something new, as these attacks have been evolving over the past couple of months in order to reach a wider audience and make their spoofs of crypto-related news appear more legitimate than ever.
Advanced tactics
Such advancements involve coopting real and popular news announcements to monetize fake livestreams. For instance, threat actors conducted livestreams under the title "SpaceX Launch Starship Flight Test! Elon Musk gives update on Starship!" on popular YouTube channels that were marked as verified but which they had compromised. These are usually compromised using info stealing malware to gain access tokens.
Bitdefender also found these livestreams were artificially boosting the viewer count in order to lend further credibility to the stream. The scammers also used variants of the names of official channels. In the case of @SpaceX, they used @spacex1.
Other events scammers have made use of include the trial of the SEC versus blockchain developer Ripple Labs. Bitdefender noticed multiple fake livestreams around the important November 30th date in that trial. The same was true when Changpeng Zhao stepped down as CEO of Binance, and Tesla's Cybertruck was launched.
Bitdefender has also noted the rise in deep fakes of popular figures in the crypto industry. The company says that "some of the observed deep fakes are of decent quality and could easily fool an untrained eye." These videos often ask viewers to scan a QR code to send over their crypto, with the promise of it being doubled.
The live chat for these streams is also disabled, in order to prevent viewers from calling out the scam. Only selected members can comment, or those that have been subscribed to the channel for a long time. However, Bitdefender found an example where one channel required a subscription duration of 52 years before messages could be sent.
Bitdefender says these operations can be very profitable for threat actors, with potential earnings of over half a million dollars. It believes these figures are alarming, "and the need to raise awareness of such frauds is paramount."
