Russian crooks are stealing YouTube accounts — what to do


Google has busted a Russian gang that was dedicated to swindling YouTube content creators out of their accounts.

The gang's tactic was to befriend successful YouTube "creators" or "YouTubers" — those YouTube uploaders of original content such as PewDiePie who have enough followers to earn a lot of money through ads, merchandising and affiliate links — and propose partnerships or other types of financial or promotional agreements.

According to a post yesterday (Oct. 20) by Google Threat Analysis Group's Ashley Shen, the gang would then send poisoned files to the creators to steal passwords and session cookies, enabling the crooks to take over the creators' accounts.

"The actors behind this campaign, which we attribute to a group of hackers recruited in a Russian-speaking forum," Shen wrote, "lure their target with fake collaboration opportunities (typically a demo for antivirus software, VPN, music players, photo editing or online games), hijack their channel, then either sell it to the highest bidder or use it to broadcast cryptocurrency scams."

The stolen accounts, Shen said, could be resold for up to $4,000 each.

How to protect your YouTube account

To protect your YouTube and other social-media accounts from hackers and hijackers, Google recommends:

  • Paying attention when your browser warns you that a website might not be safe to access
  • Scanning all downloaded files with some of the best antivirus software before opening them
  • Turning on Enhanced Safe Browsing Protection in your Chrome security settings
  • Using two-factor authentication (2FA) to protect your accounts from hackers who might have your passwords

Tom's Guide also recommends using one of the best password managers, because storing passwords in a browser makes them ripe targets for information-stealing malware.

Promoting poisoned products

Shen provided an example of an email message sent to a YouTube creator proposing to pay the YouTuber to promote a brand of antivirus software. The message said the YouTuber would need to install and demonstrate the antivirus software on video. 

If the YouTuber agreed, the crooks would then send the creator an instant message, email message, PDF or document with links to a website where the creator could download the software. 

Shen said more than 1,000 malicious websites and social-media accounts were created for this purpose, many of which mimicked legitimate brands such as Cisco or Steam.

But the software the YouTuber would download and install contained malware that stole passwords and session cookies, those tiny bits of data that keep you logged into online accounts for long periods of time. Armed with those stolen items, the crooks could take over the YouTube accounts.

The masterminds behind this scheme used Russian-language online forums to recruit lower-level crooks to do the dirty work, promising between 25% and 70% of the revenue from the hijacked channel depending on the amount of evil deeds they'd be willing to do.

Shen said that beginning Nov. 1, YouTube content creators whose channels earn money will need to have 2FA enabled on their Google accounts to access certain YouTube tools.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
