Author Topic: Linus Tech Tips' channels hacked this morning, promoting crypto scams  (Read 5467 times)

0 Members and 1 Guest are viewing this topic.

Offline JacksterTopic starter

  • Frequent Contributor
  • **
  • Posts: 463
  • Country: gb
    • PCBA.UK
This morning, the LTT main channel and its sister channels were hacked.

The main channel was renamed and rebadged as a Tesla channel and then went live with an Elon Musk live stream featuring a few other people with links to some crypto crap.



The main channel was taken down shortly after and remains down.




Pretty interesting to see such a large network of channels hacked.
What are we thinking? Youtube 2FA flaw? Staff device hacked? Inside job?




Offline Black Phoenix

  • Super Contributor
  • ***
  • Posts: 1129
  • Country: hk
Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
« Reply #1 on: March 23, 2023, 05:48:08 pm »
I remember some years ago on a video Linus telling that they had at the beginning an android phone on the server room in the new building that everyone would connect remotely (via Anydesk or something similar) for 2FA needs. But they had already finished using such workaround and now was implemented in a different way.
 

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 6352
  • Country: ca
  • Non-expert
Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
« Reply #2 on: March 23, 2023, 09:09:12 pm »
Yeah its interesting, await the explanation.

Apparently there is malware specifically targeting youtube gamers: https://www.bleepingcomputer.com/news/security/new-malware-bundle-self-spreads-through-youtube-gaming-videos/
Uses existing cookie to log in then upload its own videos. But I don't know if that lets you lock out the existing user account out.

Profile -> Modify profile -> Look and Layout ->  Don't show users' signatures
 

Offline JacksterTopic starter

  • Frequent Contributor
  • **
  • Posts: 463
  • Country: gb
    • PCBA.UK
Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
« Reply #3 on: March 24, 2023, 11:16:39 am »
Dave called it.

Session token based attack via sponsor attachment.

https://youtu.be/yGXaAWbzl5A

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 14448
  • Country: fr
Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
« Reply #4 on: March 24, 2023, 09:23:12 pm »
This crypto scam impersonating Musk has been going on for months.
I'm really curious to know who is behind it.
 

Offline mc172

  • Frequent Contributor
  • **
  • Posts: 489
  • Country: gb
Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
« Reply #5 on: March 24, 2023, 09:29:47 pm »
Shame it got taken down. The Crypto scam content was orders of magnitude better than that of the original channel.
 

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 6352
  • Country: ca
  • Non-expert
Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
« Reply #6 on: March 27, 2023, 12:55:35 am »


tldr:
- 700MB padded file to avoid being scanned
- scr file extension, to not seem super suspicious as an exe
« Last Edit: March 27, 2023, 12:57:51 am by thm_w »
Profile -> Modify profile -> Look and Layout ->  Don't show users' signatures
 

Offline Ed.Kloonk

  • Super Contributor
  • ***
  • Posts: 4000
  • Country: au
  • Cat video aficionado
Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
« Reply #7 on: March 27, 2023, 01:15:56 am »
Windows -still- allows any file to run as exe silently with full access to user data?

We knew about this, what, 20 years ago.
iratus parum formica
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf