New form of scam/hack that targets YouTubers

If you watch any amount of YouTube videos, you'll quickly notice sponsored videos. In other words, your favorite youtuber gives something like a 30-second spiel about some (usually software) product at the beginning of the video, as a sponsor to that video. Most often such advertised products are games, VPN services and, sometimes, PC hardware products.

These companies and developers simply send emails to these youtubers offering to pay them money to have a 30-second spiel at the beginning of a given number of videos. Many of these youtubers accept it because it's easy money.

A new form of scam, or hacking, has been developed recently targeting precisely this kind of youtuber.

The scam works by the hacker or hackers sending a youtuber an email that looks a lot like a legitimate sponsorship deal, exactly like the common ones, with one crucial difference: they ask the youtuber for a short review of, typically, a VPN program.

What's so strange about this? The fact that such sponsors never ask for a review, just an advertisement speech (usually pre-written by the sponsor).

And why is this such a suspicious difference? Because in order to review the product, they direct the youtuber to download it and run it on their computer.

That should immediately raise alarm bells. Except that in many cases it doesn't. Since many youtubers have not experienced this, they naively think that it's a legitimate product, and may accept the deal, thinking that it's just another normal sponsorship deal.

Of course since it's an (alleged) VPN application, it will ask for administrator privileges when run, which is normal with VPN applications. Still, naive youtubers may just grant it and run it.

Of course it's malware. The insidious thing, however, is what kind of malware it is. In these cases the big youtubers are typically not targeted merely to get some random trojan, backdoor or ransomware onto the person's computer (although the malware will usually also act as a backdoor for the scammers, that's not its main purpose). The main purpose of this malware is to surreptitiously hijack the person's YouTube channel to, for example, redirect its ad revenue somewhere else, upload advertisement or scam videos, etc. (As everything is happening from within the youtuber's own PC, it bypasses all security checks, two-factor authentication, etc., as everything that the malware does looks as if it were genuinely done by the channel's owner.)
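The tells described above (a request for a review instead of an ad read, combined with an instruction to download and run the sender's program) can be checked mechanically before anyone opens a link. The following triage sketch is an added example, not part of the original post; the keyword lists, file extensions, function names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Indicator lists are assumptions made for this example; tune them to your inbox.
REVIEW = re.compile(r"\breview\b", re.I)
RUN = re.compile(r"\b(download|install|run|launch)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
RISKY_EXT = (".exe", ".msi", ".scr", ".bat", ".zip", ".rar", ".7z", ".iso")

def tells(raw_email):
    """Return the set of tells found in the plain-text body of a raw e-mail."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    found = set()
    if REVIEW.search(text):
        found.add("asks_for_review")        # sponsors normally want an ad read
    if RUN.search(text):
        found.add("asks_to_run_software")   # "download and run it on your PC"
    for url in URL.findall(text):
        path = urlsplit(url.rstrip(".,)")).path.lower()
        if path.endswith(RISKY_EXT):
            found.add("links_to_executable_or_archive")
    return found

def is_suspicious(raw_email):
    """Flag the combination the post describes: a review request that also
    requires downloading or running the sender's program."""
    t = tells(raw_email)
    return "asks_for_review" in t and bool(
        t & {"asks_to_run_software", "links_to_executable_or_archive"})

# Constructed sample messages (not real e-mails).
AD_READ = """Subject: Sponsorship offer

Hi, we would like to sponsor your next three videos. We will send a
pre-written 30-second script to read at the start of each video.
"""
REVIEW_REQUEST = """Subject: Sponsorship offer

Hi, we would like to sponsor your channel. Please download our VPN client
from https://vpn.example.invalid/files/setup.exe, run it on your PC and
record a short review.
"""

if __name__ == "__main__":
    for name, raw in (("ad read", AD_READ), ("review request", REVIEW_REQUEST)):
        print(name, is_suspicious(raw), sorted(tells(raw)))
```

A hit means the message should be handled on a machine that is not logged in to the channel, not that the program is safe when there is no hit.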

There's no end to the inventiveness of scammers.
