


YTStealer is a piece of malicious software classified as a stealer. Malware within this category aims to steal a wide variety of sensitive data. However, YTStealer targets very specific information - one relating to victims' YouTube accounts. Thus the goal of the attackers behind this program is to gain access and control over YouTube accounts.

Following successful infiltration, YTStealer first checks whether it is running in a virtual environment. The module this program uses is based on an open-source project, which uses anti-VM, anti-debugging, and anti-memory functionalities.

YTStealer is designed to extract YouTube authentication cookies and other information relating to the accounts on this platform (e.g., channel name and age, subscriber count, monetization status, etc.). The cookies are obtained from the browser's database files (user profile folder). This stealer also employs another module that allows high-level control over browsers. It then stealthily uses the browser to check the validity of the obtained data.

The research done by Intezer suggests that the cyber criminals behind YTStealer use this malware to acquire and subsequently sell stolen accounts belonging to YouTube content creators.
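Because the stealer reads authentication cookies straight out of the browser's profile folder, one practical detection is to watch for processes other than the browser itself opening a browser's cookie database. The script below is an added illustration of that check, not code from the page or from Intezer's analysis: it runs over a few constructed file-access log lines, and the log format (`process|path`), the list of browser process names, and the cookie-store paths are assumptions chosen to resemble typical Chromium and Firefox profile layouts on Windows.

```python
"""Flag non-browser processes reading browser cookie stores (constructed example)."""
import re
from dataclasses import dataclass
from typing import List

# Assumption: binaries that are expected to open their own cookie store.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

# Assumption: cookie-store locations for Chromium-based browsers ("User Data\<profile>\[Network\]Cookies")
# and Firefox ("Profiles\<profile>\cookies.sqlite").
COOKIE_DB_PATTERNS = [
    re.compile(r"\\User Data\\[^\\]+\\(Network\\)?Cookies$", re.IGNORECASE),
    re.compile(r"\\Profiles\\[^\\]+\\cookies\.sqlite$", re.IGNORECASE),
]


@dataclass
class FileAccessEvent:
    process: str
    path: str


def parse_event(line: str) -> FileAccessEvent:
    """Parse one constructed log line of the form '<process>|<path>'."""
    process, path = line.split("|", 1)
    return FileAccessEvent(process.strip(), path.strip())


def is_cookie_db(path: str) -> bool:
    """True if the path points at a known browser cookie database."""
    return any(pattern.search(path) for pattern in COOKIE_DB_PATTERNS)


def suspicious_cookie_reads(lines: List[str]) -> List[FileAccessEvent]:
    """Return events where a non-browser process touched a cookie database."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if is_cookie_db(event.path) and event.process.lower() not in BROWSER_PROCESSES:
            hits.append(event)
    return hits


# Constructed sample log: two legitimate browser reads, two reads by unrelated
# processes, and one unrelated file access that must not be flagged.
SAMPLE_LOG = [
    r"chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies",
    r"updater.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies",
    r"firefox.exe|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\cookies.sqlite",
    r"svc_host.exe|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\cookies.sqlite",
    r"notepad.exe|C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    for hit in suspicious_cookie_reads(SAMPLE_LOG):
        print(f"ALERT: {hit.process} read cookie store {hit.path}")
```

In a real deployment the log lines would come from a file-access telemetry source (for example an EDR or Sysmon file-event feed), and the allow-list should be tightened to signed browser binaries rather than bare file names, since a stealer can trivially rename itself.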
