EEVblog Electronics Community Forum

EEVblog => Other Blogs => Topic started by: Jackster on March 23, 2023, 04:22:28 pm

Title: Linus Tech Tips' channels hacked this morning, promoting crypto scams
Post by: Jackster on March 23, 2023, 04:22:28 pm
This morning, the LTT main channel and its sister channels were hacked.

The main channel was renamed and rebadged as a Tesla channel and then went live with an Elon Musk live stream featuring a few other people with links to some crypto crap.
(https://pbs-prod.linustechtips.com/monthly_2023_03/image.thumb.png.526289b67e1d860df338bff6236a7717.png)
(https://pbs-prod.linustechtips.com/monthly_2023_03/image.thumb.png.22a7dd566d784598ba93dd75293ab95b.png)

The main channel was taken down shortly after and remains down.

(https://pbs-prod.linustechtips.com/monthly_2023_03/643358465_Screenshot2023-03-23at3_20_02AM.thumb.png.13aca8be8f27a5a64cafa77323c08c5c.png)


Pretty interesting to see such a large network of channels hacked.
What are we thinking? YouTube 2FA flaw? Staff device hacked? Inside job?



Title: Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
Post by: Black Phoenix on March 23, 2023, 05:48:08 pm
I remember that some years ago, in a video, Linus said that at the beginning they had an Android phone in the server room in the new building that everyone would connect to remotely (via AnyDesk or something similar) for 2FA needs. But they had already stopped using that workaround, and it was now implemented in a different way.
Title: Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
Post by: thm_w on March 23, 2023, 09:09:12 pm
Yeah, it's interesting; await the explanation.

Apparently there is malware specifically targeting YouTube gamers: https://www.bleepingcomputer.com/news/security/new-malware-bundle-self-spreads-through-youtube-gaming-videos/
It uses an existing cookie to log in, then uploads its own videos. But I don't know if that lets you lock the existing user account out.

Title: Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
Post by: Jackster on March 24, 2023, 11:16:39 am
Dave called it.

Session token based attack via sponsor attachment.

https://youtu.be/yGXaAWbzl5A
Title: Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
Post by: SiliconWizard on March 24, 2023, 09:23:12 pm
This crypto scam impersonating Musk has been going on for months.
I'm really curious to know who is behind it.
Title: Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
Post by: mc172 on March 24, 2023, 09:29:47 pm
Shame it got taken down. The Crypto scam content was orders of magnitude better than that of the original channel.
Title: Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
Post by: thm_w on March 27, 2023, 12:55:35 am
https://www.youtube.com/watch?v=nYdS3FIu3rI

tldr:
- 700MB padded file to avoid being scanned
- scr file extension, to not seem super suspicious as an exe
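
The two traits in the summary above (a `.scr` attachment, padded so it is too large to be scanned) can be checked at a mail gateway or help desk. The following is an added example, not part of the original post or of any tool mentioned in the thread; the function names, extension lists, the 0.9 threshold, the decoy double-extension check and the sample bytes are all assumptions constructed for illustration, and it only considers padding appended at the end of the file.

```python
import os

# Extensions Windows runs directly as programs (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}
# Document-like extensions used as a decoy before the real one (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def trailing_padding_ratio(data: bytes) -> float:
    """Fraction of the file made up of one byte value repeated at the end."""
    if not data:
        return 0.0
    stripped = data.rstrip(data[-1:])
    return (len(data) - len(stripped)) / len(data)

def triage_attachment(name: str, data: bytes, pad_threshold: float = 0.9) -> list:
    """Return findings for an attachment; an empty list means nothing flagged."""
    findings = []
    stem, ext = os.path.splitext(name.lower())
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        # e.g. "offer.pdf.scr": the real extension is the last one.
        if os.path.splitext(stem)[1] in DECOY_EXTS:
            findings.append("double-extension")
    if data[:2] == b"MZ":  # DOS/PE executable magic, whatever the name says
        findings.append("pe-header")
        if ext not in EXECUTABLE_EXTS:
            findings.append("extension-mismatch")
    # Padding inflates size past scanner limits; judge by ratio, not size,
    # so the file is inspected instead of skipped for being too big.
    if trailing_padding_ratio(data) >= pad_threshold:
        findings.append("padded")
    return findings

# Constructed samples (not real files): a tiny "MZ" stub followed by zero
# padding, and a small PDF-like document.
PADDED_SAMPLE = b"MZ" + bytes(range(1, 101)) + b"\x00" * 9000
BENIGN_SAMPLE = b"%PDF-1.7\n" + b"constructed body\n" * 50 + b"%%EOF\n"

if __name__ == "__main__":
    print(triage_attachment("sponsorship_offer.pdf.scr", PADDED_SAMPLE))
    print(triage_attachment("invoice.pdf", BENIGN_SAMPLE))
```
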
Title: Re: Linus Tech Tips' channels hacked this morning, promoting crypto scams
Post by: Ed.Kloonk on March 27, 2023, 01:15:56 am
Windows -still- allows any file to run as exe silently with full access to user data?

We knew about this, what, 20 years ago.