Stream-Jacking Attacks on YouTube Steal From Victims via Cryptocurrency Scams

Cybercriminals are using stream-jacking attacks on YouTube to target high-profile accounts and promote fraudulent messages. They create channels with names and handles similar to Tesla and livestream looped videos that appear legitimate. The livestreams have titles inspired by official Tesla streams. The attackers disable or limit comments to prevent users from alerting others to the scams. The hijacked channels often have no other content and are likely automated. The scammers embed QR codes and links to phishing websites in the videos. They promote a cryptocurrency scam promising double the amount sent. Some livestreams feature deep fakes of Elon Musk endorsing cryptocurrencies. The scammers also use phishing kits and promote them on Telegram. There are over 1300 videos promoting these scams and more than 150 distinct websites identified. The websites have Cloudflare protection, making analysis difficult.