2. July 2022

Google Threat Analysis Group (TAG) has recently uncovered a new information-stealing malware, named ‘YTStealer’, that targets YouTube content creators by stealing their authentication cookies. Malicious actors sell the breached data as a service on the dark web, and the malware is delivered through fake installers that also drop RedLine Stealer and Vidar.

“What sets YTStealer aside from other stealers sold on the dark web market is that it is solely focused on harvesting credentials for one single service instead of grabbing everything it can get ahold of,” security researcher Joakim Kennedy said in a report shared in the blog post on Wednesday.

As per the research, the malware extracts YouTube authentication cookie information from the web browser’s database files in the user’s profile folder; then it opens a headless browser and connects to YouTube’s Studio page, which is used by content creators to control the content of the videos they produce.

Further, the malware collects all available channel data, including the account name, number of subscribers, channel age, and whether the channel is monetized. It then encrypts the collected data with a unique key and sends the encrypted data and the key to a command-and-control server.
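The two behaviours described above, a headless browser launched by something other than the user's shell and pointed at YouTube Studio, are observable in ordinary process-creation telemetry. The following triage script is an added example written for this article, not code from the article's source or from any vendor: it scans Sysmon-style JSON events (constructed here, with made-up paths and PIDs) for a Chromium-family browser started with a headless switch and raises a finding only when a second signal is present, either the `studio.youtube.com` target or a parent executable running from a user-writable directory such as Temp or Downloads. The browser list, directory markers and field names (`Image`, `ParentImage`, `CommandLine`, `ProcessId`) are assumptions to adapt to your own logging.

```python
"""Triage heuristic for process-creation logs: flag a headless browser launch
that matches the YTStealer behaviour described in the article (headless browser
driven toward YouTube Studio, started by a fake installer). Added example;
all sample events below are constructed, not real telemetry."""
import json
from dataclasses import dataclass, field

# Chromium-based browser executables (assumption: extend for your environment).
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "chromium", "google-chrome", "brave.exe"}
# Directories an ordinary user can write to; an installer running from here is a
# weaker trust signal than one under Program Files (assumption, not from the article).
USER_WRITABLE_MARKERS = ("/appdata/local/temp/", "/downloads/", "/temp/")
STUDIO_HOST = "studio.youtube.com"


@dataclass
class Finding:
    pid: int
    image: str
    parent_image: str
    reasons: list = field(default_factory=list)


def _norm(path: str) -> str:
    """Lower-case and use forward slashes so Windows and POSIX paths compare alike."""
    return path.replace("\\", "/").lower()


def _basename(path: str) -> str:
    return _norm(path).rsplit("/", 1)[-1]


def analyze_event(event: dict):
    """Return a Finding for one process-creation event, or None if it looks benign."""
    if _basename(event.get("Image", "")) not in BROWSER_IMAGES:
        return None
    tokens = [t.strip('"').lower() for t in event.get("CommandLine", "").split()]
    parent = _norm(event.get("ParentImage", ""))
    reasons = []
    if any(t == "--headless" or t.startswith("--headless=") for t in tokens):
        reasons.append("headless_flag")
    if any(STUDIO_HOST in t for t in tokens):
        reasons.append("studio_youtube_target")
    if any(marker in parent for marker in USER_WRITABLE_MARKERS):
        reasons.append("parent_in_user_writable_dir")
    # A headless launch on its own is routine automation (test runners, scrapers);
    # require a second signal before raising a finding.
    if "headless_flag" in reasons and len(reasons) >= 2:
        return Finding(event["ProcessId"], event["Image"], event["ParentImage"], reasons)
    return None


def scan(log_lines):
    """Run analyze_event over JSON-lines input and collect the findings."""
    findings = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        finding = analyze_event(json.loads(line))
        if finding:
            findings.append(finding)
    return findings


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed sample events: one normal launch, one legitimate headless automation,
# two launches matching the pattern described in the article.
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "Image": CHROME, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{CHROME}" https://www.youtube.com/'},
    {"ProcessId": 4220, "Image": CHROME, "ParentImage": r"C:\Program Files\nodejs\node.exe",
     "CommandLine": f'"{CHROME}" --headless=new about:blank'},
    {"ProcessId": 4312, "Image": CHROME,
     "ParentImage": r"C:\Users\bob\AppData\Local\Temp\setup_video_editor.exe",
     "CommandLine": f'"{CHROME}" --headless --disable-gpu https://studio.youtube.com/'},
    {"ProcessId": 4404, "Image": CHROME,
     "ParentImage": r"C:\Users\bob\Downloads\free_editor_setup.exe",
     "CommandLine": f'"{CHROME}" --headless about:blank'},
]
SAMPLE_LOG = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"pid={f.pid} parent={f.parent_image} reasons={','.join(f.reasons)}")
```

Run as-is it reports PIDs 4312 and 4404 and stays silent on the explorer.exe and node.exe launches. The two-signal rule is deliberate: headless Chromium is common in build pipelines, so the headless flag alone would drown an analyst in noise, whereas a headless browser started by an executable in Temp or pointed at the Studio console is worth a look.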

The files’ n

