The following post, the third of a three part series, is presented in collaboration with Cyrus.
In this last part of a three part series, our teams summarize the major takeaways from our joint research and provide you with some actionable recommendations.
Interestingly the Cyrus team managed to discover a recent and unique interview with a Russian info-stealer ex-cybercrime gang leader. Prior to the gang’s arrest, his team was in charge of targeting end-users and stealing their YouTube channels using info-stealer campaigns. We translated the whole interview and will share the main insights with you.
Once data is acquired by Hudson Rock, it takes minutes for it to be parsed and integrated into its cybercrime database, which Cyrus has direct access to.
it is important to note that Hudson Rock receives the data at the exact same time that threat actors obtain it to perform data breaches and account takeovers so while it normally takes 2-3 days between the time a computer gets compromised to when it’s indexed, this is just due to the time it takes the threat actor to begin selling the data.
Why is this important for you? Cybercriminals work with tons of data and it takes time to sort and monetize the compromised credentials. It is much easier for us to protect you once we have the data than it is for them to attack.
Even if the detection happened only 2-3 days later – there is still a priceless time window to act and secure your device.
By now, Cyrus and Hudson Rock shared with you our own expertise in the info-stealers world. However, now we invite you to a glimpse into an interview between two ex-cybercriminals that discussed how the info-stealer attacks are used to take-over YouTube accounts.
“It’s always much easy to exploit the end-user and trick them instead of trying to hack the company itself like Google” – citation of a cybercrime gang leader that managed a team focused on malware distribution.
The fact that there is an organized gang with leaders, shift managers, regular “employees”, financial specialists, and malicious software developers is like a final stamp that shows you how big the info-stealer threat is.
The gang was sending hundreds of emails to YouTube channel owners with invites to an unbelievable “partnership” opportunity. In more special cases, the dedicated shady analysts’ team was preparing a tailored offer based on an analysis of previous YouTube channel owner partnerships.
In most cases, the offers were baked with fake documents that will increase users’ trust. The common attack vector was to offer an anti-virus software that will make the channel owner “safer”, but in fact, the installation file was merged with info-stealer and done absolutely the opposite of protecting.
According to the ex-cybercriminal, in western countries, it’s common that the influencer channels are managed by a dedicated social media manager. Typically, those managers are responsible for up to 10 YouTube channels. When this cybercrime gang had a “lucky day”, they managed to hack one manager and through him/her get access to all the channels under his/her responsibility.
Nothing is 100% perfect. Info-stealers are made to target as many audiences as they can and Microsoft Windows is still the most popular operating system in the world. Thus, they were designed to attack Windows devices and not Mac computers.
However, if the gang member recognizes that the potential victim uses a Mac device and it is worth compromising his/her credentials – the victim will be tricked into executing the infected file on a Windows device while logged in to all targeted accounts.
Typically the hacked YouTube channel can be resold on the black market for 500$. The gang member (in the cybercrime jargon – the worker) who managed to successfully trick and infect the end-user may get between 30%-40% of the black market’s price as a profit.
The “new” owner of the channel will try to monetize it as fast as possible. Ex-cybercriminal shared that it’s usually done with the following techniques:
Hudson Rock’s company domain search tool indicates that there over tens of thousands of compromised youtube credentials originating from computers infected with info-stealers, you can check any domain for free: https://www.hudsonrock.com/are-you-compromised
Our teams believe that this joint research opened your eyes to this threat and now you have information on how to protect yourself against info-stealer attacks.
Download the Cyrus application and get comprehensive personal cybersecurity & identity protection for your email accounts, financial assets, and personal devices.
Want to immediately improve your personal cybersecurity? Verify that you have activated 2FA on all of your critical online accounts? Do you want to delete any sensitive information stored in your browser? Want to know if you’ve been the target of a threat? You can download the Cyrus mobile app and order a tailored Dark Web exposure report that will check whether one of your email addresses was the target of an info-stealer attack.
In this second of a three part series, presented in collaboration with Cyrus, we dive into botnets & info-stealers.
In this first of a three part series is presented in collaboration with Cyrus, we explain "info-stealers".