Crypto Gloom

More than $600,000 stolen in YouTube stream hijacking: Fraudsters use deepfakes and AI in ‘double your money’ cryptocurrency scam.

With a chilling mix of AI, deepfakes, and cryptocurrency, cybercriminals have hatched a complex plan to steal more than $600,000 from unsuspecting victims through a new tactic called stream-jacking.

The techniques were detailed in Bitdefender’s latest report, “Stream-Jacking 2.0,” which describes the evolution of cryptocurrency scams that target users via YouTube channels.

Increase in stream-jacking

These sophisticated cybercrimes include taking over popular YouTube accounts, distributing AI-generated deepfake videos, and running cryptocurrency scams. Impersonating figures like Elon Musk and Michael Saylor and brands like XRP and Tesla, scammers use the classic “Double Your Crypto” scam to lure unsuspecting users into their traps.

According to Bitdefender’s investigation, these criminals successfully stole $600,000 through a sophisticated scam. The most impersonated brands and public figures are XRP, MicroStrategy, SpaceX, Binance, Elon Musk, Michael Saylor, and Changpeng Zhao (“CZ”).

Fraudsters’ Hijacking Strategy

The scheme begins with attackers strategically targeting high-value YouTube accounts with millions of subscribers across countries including the United States, Brazil, India, Indonesia, Mexico, Vietnam, the United Kingdom, France, and Spain. Once a YouTube account is compromised, criminals quickly transform it: changing the name, setting videos to private, adding deceptive avatars and banners, and linking to malicious websites in altered channel descriptions.

Scammers also leverage recent news events related to cryptocurrency, blockchain, and celebrities to attract a larger audience. Recent events such as the SEC-XRP test, SpaceX USSF-52 flight, and leadership changes in major brands are usually used as bait.

AI-based deepfakes

Advances in criminal methods include using deepfake videos impersonating public figures to lend authenticity to the scams. These decent-quality deepfakes, featuring people such as MicroStrategy’s former CEO, contribute to the scam.

The success of illegal streams depends on spamming techniques, and Bitdefender identified hundreds of malicious broadcasts in a short period of time. The most hijacked accounts had 31 million subscribers, indicating the scale of the criminal enterprise.

Conclusion – Insights and Advice

YouTube is quick to remove malicious live streams, but Bitdefender notes that it lacks preventative measures against these scams. Users should exercise caution, avoid clicking on links in suspicious video descriptions, and avoid scanning QR codes in cryptocurrency sweepstakes promotions.

The advice is still simple. “If it sounds too good to be true, it probably is!”

As cybercriminals adapt and improve their technology, users are advised to be cautious and report such scams immediately.

The intersection of technology and deception requires increased vigilance from both platforms and users to avoid evolving threats.