
Stolen YouTube Channels used to promote bitcoin scams

Serenityttg

There is a huge hack on dozens of European-based YouTube channels. An unknown hacking group, supposedly based in Russia, is currently using stolen channels to promote their bitcoin scam.

Quote

Someone hacked my YouTube Channel with over 310,000 Subscribers and deleted all my videos. What to do? I can't contact anyone, please help. @YTCreators - Roth Wellden, one of the victims via Twitter

 

Yesterday, a YouTuber called Roth Wellden received an advertising offer for their supposed streaming service called Gloom (which was later found to be a copy of another product called Remotr) with a link to their page and a supposed license for their product. When he downloaded the setup program for their "product" and tried to launch it, nothing happened. It was at this moment that he realized something was wrong, so he deleted the setup file. However, later that day he suddenly lost all access to his channel with over 319 000 subscribers. The hackers were able to bypass two-factor authentication and quickly gain full access to his account. About two hours later he found out that the hackers had even stolen pictures of his ID card, which he had saved on his computer for authentication purposes. Roth Wellden regained access to his channel on the 31st of December 2019.

 

Update (2nd of January 2020):
The hack in the example mentioned above was probably executed via malware hidden in the setup file Roth downloaded, which stole the cookies and session ID of his browser and created a backdoor to his computer, which the hackers used to access his computer and steal more data. At the time of writing this update, YouTube has reinstated most of the affected channels, but the threat is still present, so be aware of exactly what email you are opening, as you should be all the time.

 

It was later found out that this problem happened to multiple YouTube channels, all based in Europe. For example:

https://www.youtube.com/channel/UCDkprLUEGpaaeXXSN6fIeDg
https://www.youtube.com/channel/UC-Ew7ux-YFW5dynuymiU_xw

https://www.youtube.com/channel/UCnppe64ZYf9r5r6kuR94PYQ

 

As you can see, all affected channels are renamed to "Binance" or "Changpeng Zhao [Binance CEO CZ]"; however, Mr. Zhao himself said that neither he nor his company is involved in those attacks and that the attackers are using their names for malicious purposes.

Quote

Alert! Scammers are impersonating official Binance accounts and tweeting to ask for deposits to specific addresses in return for gifts. You will lose your tokens if you do this! Binance will never ask you to send coins directly to any address for any reason. - Binance via twitter

 

Some channels were later sold to other people to use for a multitude of other cryptocurrency scams, as in the case of the first channel listed above.

 

[Image: Stolen channel being offered on Russian market]

 

Sources: (Disclaimer: articles are in Czech language)

https://tn.nova.cz/clanek/ceskemu-youtuberovi-ukradli-ucet-s-310-tisici-lidmi-smazali-i-videa.html

https://refresher.cz/78829-Ceskemu-youtuberovi-s-300-000-odberateli-ukradli-ucet-Jeho-kanal-ted-vysila-podvodny-stream-o-kryptomenach?fbclid=IwAR1Cox1UFCXEKUsr4n8GshDR4fqLJQVdY-IHPrkk1yZaIsGgJLWrSfkmljc&gdpr-accept=1

https://freebit.cz/uz-nejste-vlastnikem-kanalu-roth-wellden-krypto-scam-zasahl-youtubery/

 

[Image: Example of hacked channel.]

[Image: Example of email with said offer.] Some people report that they had a link to the GameGloom website, which contained the infected setup file they downloaded.

Edited by The_Nevo
Added additional info and updated the topic

Why would you download and run something that’s obviously a scam? 


Just now, Donator_HD said:

It's a business mail, Roth Wellden can't know about the scam.

It’s pretty simple custom to not click on dodgy links that go to a download or whatnot. 


It's not a "massive hack", it's called a phishing attack. These are extremely common nowadays, I get emails asking for price quotes with Excel files and when you open them some sort of shit happens and there goes your data.


3 minutes ago, Levent said:

It's not a "massive hack", it's called a phishing attack. These are extremely common nowadays, I get emails asking for price quotes with Excel files and when you open them some sort of shit happens and there goes your data.

It's all so typical that many big companies just simply filter out all attachments from any incoming mail outright. I didn't bother checking any of the YouTube channels mentioned, but I'm going to assume they're all rather inexperienced people wrt. technology, because people with even cursory knowledge these days know not to open files from emails.


5 minutes ago, WereCatf said:

It's all so typical that many big companies just simply filter out all attachments from any incoming mail outright. I didn't bother checking any of the YouTube channels mentioned, but I'm going to assume they're all rather inexperienced people wrt. technology, because people with even cursory knowledge these days know not to open files from emails.

There is at least one with almost a million subs. I guess YouTube is not feeding them enough nowadays.


47 minutes ago, Donator_HD said:

Business email mentions the page gamegloom.com but the real page is remotrapp.com

WTF is a "business mail" lmao 

 

Try learning not to click on random links in emails. Full stop.


57 minutes ago, floofer said:

It’s pretty simple custom to not click on dodgy links that go to a download or whatnot. 

Doesn't always work that way. When someone is only trying to get their day's work done they are not going to be thinking about scams and stuff.


nth YouTuber victim of a phishing attack. It's like they don't even learn from each other's mistakes


When they contact tech support this should be the song that plays :

 

 

 


11 minutes ago, EverydayTV said:

 

 

Got my email today ? 

 

 

Oh wow, it sucks to be a youtuber nowadays huh. Glad you are an aware content creator.


22 hours ago, Bcat00 said:

Doesn't always work that way. When someone is only trying to get their day's work done they are not going to be thinking about scams and stuff.

Business mail means nothing because I have had a couple times where suspect emails have gotten through regardless of filters. It was a stupid thing to do and it is a pretty basic security concept to not click on links you know little about not to mention downloading and running an executable. 


18 hours ago, EverydayTV said:

Their registered domain info, not sure if this will help. 

We know. All info we got was forwarded to the Czech police. 


18 hours ago, EverydayTV said:

 

Got my email today ? 

 

 

 

Whilst I would still treat this carefully, and personally I wouldn't want this kind of ad revenue support, if I did, this looks legitimate enough to do some looking into. All it would take is someone a tad less cautious than me and I can see how they'd get caught.


Do not open email on your computer that has so many authentications and ways to go around the authentications. Sounds like he got phished and since he put everything on one computer with ways to get around his own security it cannot be fully blamed on the person who stole his information. Sucks when this happens but it shows how important proper security practices are and why there are entire departments/companies that specialize in this. Hopefully people on youtube do not get scammed from the videos as they look very obvious lol. 


On 12/29/2019 at 2:58 PM, suicidalfranco said:

nth YouTuber victim of a phishing attack. It's like they don't even learn from each other's mistakes

Humans are humans.  Generally cons are never new.  People have been falling for basically the same stuff for centuries.  Often far longer.  The danger is in thinking one is somehow special, and therefore immune.
