Over $600K Stolen in YouTube Stream Hijacking: Scammers Use Deepfake and AI for ‘Double Your Money’ Crypto Fraud.

11 views 6:09 am 0 Comments February 19, 2024

In a chilling blend of AI, deep fakes and cryptocurrency, cybercriminals have orchestrated a complex scheme to steal over $600,000 from unsuspecting victims through a new tactic known as Stream-jacking.

The malevolent usage of technology and deception was exposed in Bitdefender’s latest report, “Stream-Jacking 2.0” revealing the evolution of crypto scams that exploit users through YouTube channels.

The Rise of Stream-Jacking:

This sophisticated cybercrime involves the hijacking of popular YouTube accounts, the deployment of AI-generated deepfake videos and the execution of cryptocurrency scams. Impersonating figures like Elon Musk and Michael Saylor and brands such as XRP and Tesla scammers employ classic “Double Your Crypto” cons to lure unsuspecting users into their trap.

Bitdefender’s investigation discovered that these criminals have successfully stolen $600,000 through this elaborate scam. The top impersonated entities are XRP, MicroStrategy, SpaceX, Binance, Elon Musk, Michael Saylor and Changpeng Zhao (“CZ”).

The Hijacking Strategy of Scammers

It starts when the attackers strategically target high-value YouTube accounts with millions of subscribers spanning countries like the US, Brazil, India, Indonesia, Mexico, Vietnam, UK, France, Spain and more. Once a YouTube account is compromised, the criminals swiftly transform it by changing names, setting videos to private, deploying deceptive avatars and banners and linking malicious websites in altered channel descriptions.

Further, scammers leverage breaking news events related to cryptocurrency, blockchain and renowned figures to attract a larger audience. Recent events such as the SEC-XRP trial, SpaceX USSF-52 flight and leadership changes in major brands are usually used as bait.

AI-Powered Deep Fakes

A concerning advancement in criminal tactics involves using deep fake videos impersonating public figures, adding a layer of authenticity to the scams. These decent-quality deep fakes feature figures like MicroStrategy’s former CEO, contributing to the deception.

The success of the illegal streams relies on spamming techniques, with Bitdefender identifying hundreds of malicious broadcasts in a short period. Top hijacked accounts crossover 31 million subscribers, indicating the scale of the criminal enterprise.

Conclusion- Insights and Advice

While YouTube swiftly removes malicious live streams, Bitdefender notes a lack of preventive measures against these scams. Users are urged to exercise caution, avoid clicking on links in suspicious video descriptions and refrain from scanning QR codes in crypto giveaway promotions. 

The advice remains simple: “If it sounds too good to be true, it probably is!”

As cyber criminals adapt and refine their techniques, users are advised to stay aware cautious and immediately report such scams. 

The intersection of technology and deception demands heightened vigilance from both platforms and users to avoid these evolving threats.