HQ/EMEAFind out how we can help your business
The immense popularity of the video-sharing platform YouTube has attracted numerous cybercriminals, especially those executing stream-jacking campaigns. The significant rise in these attacks has concerned many individuals since they could cause severe damage to many users.
Stream-jacking incidents are cybercriminal operations that involve hackers who will try to take over YouTube channels. These targeted channels typically have substantial followings to distribute malicious messages and broadcast efficiently.
These fraudulent broadcasts typically mimic famous public figures like Elon Musk or prominent brands such as Tesla so that the hackers can promote various scams, including crypto-doubling schemes.
Most stream-jacking campaigns follow similar strategies of impersonating entities to spread their malicious activities.
These stream-jacking operations’ malicious broadcasts share common traits, such as channel names and handles that impersonate famous brands like Tesla. Most of the operators also replicate the official Tesla announcement to lure users.
Specifically, these scammers use homoglyphs, noise characters, and even QR codes to bait unsuspecting viewers. In addition, their content often consists of looped videos from legitimate events, such as Tesla’s Annual Shareholder Meeting.
However, these miscreants include their scams cleverly in these videos. They have also deactivated comments or restricted comment sections to long-time subscribers, preventing those aware of the fraud from warning others to deceive viewers further.
Recent research revealed that the hijacked accounts reached a maximum of nearly 10 million subscribers, and the most-viewed channel accumulated over 3.6 billion views. In total, 1,190 channels fell victim to hijacking, broadcasting over 1,370 distinct scam live streams—furthermore, about 60% of these hijacked channels displayed or directly utilised variations of the Tesla logo.
The sudden surge of stream-jacking on YouTube indicates that viewers and content creators should be more vigilant with channels that could be malicious. YouTube users and account owners could prevent hijacking attempts by implementing solid and unique passwords, employing multi-factor authentication (MFA), and regularly reviewing their account access.
Viewers should also be cautious when encountering videos with enticing clickbait titles, particularly those promising financial opportunities. Lastly, everyone should avoid scanning QR codes from such videos and be wary of live streams that have turned off comment sections.
