The malware has been named YTStealer and appears to target YouTube account credentials specifically, with the end goal of taking over the channels behind them.
The malware is notable for its niche focus. YTStealer is built to steal login information and authentication tokens specifically for YouTube channels. According to security firm Intezer, which published a report on YTStealer, this narrow focus is also what makes the malware particularly effective.
YTStealer works mainly by stealing authentication tokens or session cookies from the victim's browser. Because these represent an already-authenticated session, an attacker who replays them is not prompted for two-step verification, so 2FA offers no protection once the cookie has been taken. According to Intezer, the stolen tokens are likely sold on the dark web; a buyer can use them to take over a channel and, for example, promote cryptocurrency scams or extort the channel's owner.
The malware appears to be distributed mainly through fake versions of well-known video editing and streaming software. Trojanized installers of programs such as OBS Studio and Adobe Premiere Pro were found to contain YTStealer, among other payloads. To target game streamers specifically, the malware was also found in fake mods for games such as Roblox and Call of Duty.
For YouTube channel owners, Intezer recommends logging out from time to time: logging out invalidates the session's authentication tokens on the server side, so any copies that may have been stolen stop working.
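The two points above, that a copied session cookie is accepted without a second-factor prompt and that logging out kills the stolen copy, are easier to see in a small model of a session-based login. The following is an added example written for this page; it is not code from the article, from Intezer's report, or from YTStealer, and the `AccountService`, `SessionStore`, the demo user `creator` with password `hunter2`, and the fixed second-factor code `123456` (a stand-in for a real TOTP check) are all constructed for illustration.

```python
# Added example (not from the article or Intezer's report): a minimal model of
# cookie-based sessions showing why a stolen session cookie sidesteps two-step
# verification and why logging out invalidates it. All names, the user
# "creator", the password and the fixed 2FA code are constructed for the demo.
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """Server-side session table mapping cookie value -> session record."""

    def __init__(self):
        self.sessions = {}

    def issue(self, user, ttl=3600):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": user, "expires": time.time() + ttl}
        return token

    def lookup(self, token):
        rec = self.sessions.get(token)
        if rec is None or rec["expires"] < time.time():
            self.sessions.pop(token, None)
            return None
        return rec["user"]

    def revoke(self, token):
        self.sessions.pop(token, None)


class AccountService:
    def __init__(self):
        self.store = SessionStore()
        # Constructed demo user: salted SHA-256 password hash plus a fixed
        # second-factor code standing in for a real TOTP verification.
        salt = b"demo-salt"
        self.users = {
            "creator": {
                "salt": salt,
                "pw": hashlib.sha256(salt + b"hunter2").digest(),
                "second_factor": "123456",
            }
        }

    def login(self, user, password, second_factor):
        """Full login: password AND second factor are both required.
        Returns a session cookie on success, None otherwise."""
        u = self.users.get(user)
        if u is None:
            return None
        pw = hashlib.sha256(u["salt"] + password.encode()).digest()
        if not hmac.compare_digest(pw, u["pw"]):
            return None
        if not hmac.compare_digest(second_factor, u["second_factor"]):
            return None
        return self.store.issue(user)

    def request(self, cookie):
        """Any later request: the server checks only the cookie. The second
        factor is never re-prompted, so whoever holds the cookie is the user."""
        return self.store.lookup(cookie)

    def logout(self, cookie):
        """Revokes the session server-side, which kills every copy of the cookie."""
        self.store.revoke(cookie)


def demo():
    """Victim logs in with 2FA; a stealer copies the cookie; the attacker
    replays it and is accepted; the victim logs out and the replay fails."""
    svc = AccountService()
    victim_cookie = svc.login("creator", "hunter2", "123456")
    stolen_cookie = victim_cookie  # what a stealer exfiltrates from the browser
    before = svc.request(stolen_cookie)  # attacker is "creator", no 2FA prompt
    svc.logout(victim_cookie)
    after = svc.request(stolen_cookie)  # None: stolen copy is now worthless
    return {"victim_user": svc.request(victim_cookie) if after else None,
            "attacker_before_logout": before,
            "attacker_after_logout": after}


if __name__ == "__main__":
    print(demo())
```

The model deliberately keeps the session check as a bare cookie lookup, because that is how a typical web session works after the initial login: the second factor is checked once, and the resulting cookie is the proof of that check. Real services add session binding and anomaly detection on top, but the stolen-cookie replay and the logout revocation behave the same way.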