How do hackers compromise YouTube channels?
1. Cookie Theft Attack
Hackers use a method called “pass-the-cookie,” which exploits browser session cookies. These cookies allow users to stay logged into an account without having to re-enter their password and second factor at each login. By stealing these cookies, hackers can impersonate the victim and access their account without needing credentials.
2. Phishing Approach
First Step: A Convincing Email
The hacker contacts the channel owner pretending to be a legitimate business, such as a game developer or VPN service provider, and proposes a collaboration. The initial email appears professional and harmless.
Second Step: A Fake Contract
The hacker then sends a compressed file allegedly containing a contract or additional information. This file comes with a password to reinforce the illusion of legitimacy.
Third Step: Malware Trap
When the user extracts and opens the files, they trigger hidden malware (such as the RedLine Trojan). This malware steals session cookies stored in the browser and transmits them to the hackers.
3. Channel Impersonation and Exploitation
Once the channel is compromised, hackers modify its name, profile picture, and sometimes delete all content. They then broadcast fraudulent streams (often using Elon Musk’s image to promote fake cryptocurrency offers).
Typical example: hackers ask viewers to transfer their cryptocurrency to a given address, promising to double the received funds. These streams are often quickly blocked by YouTube, but the channel owner must then prove they were not responsible for this fraud.