Bitdefender Labs has uncovered a worrying new trend in cyber scams that exploits high-profile events and personalities to lure victims into fraudulent schemes. This latest development involves ‘stream-jacking’ attacks on YouTube, using deepfake technology and sensational political events to amplify their reach. Stream-jacking is a hacking practice in which cybercriminals intercept and hijack a victim’s video or audio stream. The term combines the words ‘stream’ and ‘hijacking’.
The scam in detail
Since 16 July, dozens of hacked YouTube channels have broadcast live streams featuring a deepfake of Elon Musk, allegedly revealing details of an assassination attempt against former US President Donald Trump. Although the looped videos do not explicitly mention this event, the descriptions provided on these channels paint a vivid picture of Musk’s alleged political affiliations and his support for Trump. A crypto-doubling scam is one in which scammers promise to double the amount of cryptocurrency the victim sends them.
One such description reads:
“Elon Musk plans to provide around $45 million a month to a new political committee in support of former US leader Donald Trump as part of the #Tesla #Musk #Trump presidential campaign.”
Another hacked channel described the event dramatically:
“Former President Donald Trump was the target of an apparent assassination attempt on Saturday during a rally in Pennsylvania, just days before accepting the Republican nomination for the third time. Amid a barrage of gunfire, a bloodied Trump, who reported being shot in the ear, was surrounded by the Secret Service and rushed to his SUV as he raised his fist in defiance. The Trump campaign later stated that the presumptive Republican nominee is ‘fine’ after the shooting, which pierced the top of his right ear. The incident sparked panic at the rally, with many attendees seeking shelter from the unexpected violence. Billionaire Elon Musk reacted to the incident, declaring Saturday night that he ‘fully supports’ Donald Trump. Musk’s statement added a new dimension to current events, as he also hinted at possible political endorsements in the upcoming election. #Tesla #Musk #Trump.”
Hacked channels and deepfake technology
Many of these hacked channels, analysed by researcher Ionut Baltariu, have not changed their names in the last 24 hours. However, some were renamed to ‘Tesla’ or ‘Donald Trump Jr.’. The threat actors deleted the original content of these channels and started broadcasting a live deepfake video on a loop, falsely claiming that Elon Musk is promoting a crypto-doubling giveaway. A particularly worrying aspect of this scam is its potential reach. One hacked channel has over 1.26 million subscribers, while others have subscriber counts of over 700,000 and 100,000.
The mechanism of the scam
The deepfake videos encourage viewers to participate in a crypto giveaway by scanning a QR code embedded in the video. These QR codes, sometimes placed near a Donald Trump logo, direct users to fraudulent websites hosted on domains that resemble the names of impersonated brands, such as Tesla. Examples of these domains include musktrump[.]org, tesla-elon[.]gives, elomusk[.]finance, muskrise[.]io, and taketesla[.]org.
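As an added example (not part of the Bitdefender research or of this article), the following Python check shows how a defender could flag a hostname decoded from a QR code, or listed as a defanged indicator, when it imitates a brand name without belonging to the brand's own domain. The brand token list, the tesla.com allowlist and the `.example` control hosts are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumptions (defender-chosen, not from the report): the watched brand
# tokens and the allowlist of official domains.
BRAND_TOKENS = ("tesla", "elonmusk", "musk", "trump")
OFFICIAL_DOMAINS = ("tesla.com",)

def hostname_of(value):
    """Refang an indicator or URL (e.g. from a decoded QR code) and return its host."""
    value = value.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in value:
        value = "//" + value          # let urlsplit treat a bare host as netloc
    return (urlsplit(value).hostname or "").lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_official(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def lookalike_tokens(value):
    """Return the brand tokens a non-official host imitates (empty list if none)."""
    host = hostname_of(value)
    if not host or is_official(host):
        return []
    hits = set()
    for label in host.split(".")[:-1]:            # ignore the TLD itself
        for token in BRAND_TOKENS:
            if token in label:
                hits.add(token)                   # brand embedded in a label
            elif len(token) >= 5 and any(
                edit_distance(part, token) == 1 for part in label.split("-")
            ):
                hits.add(token)                   # near-miss spelling
    return sorted(hits)

# Domains quoted in the article (defanged there), plus constructed controls.
SAMPLES = ["musktrump[.]org", "tesla-elon[.]gives", "elomusk[.]finance",
           "muskrise[.]io", "taketesla[.]org", "https://shop.tesla.com/",
           "tesla.com.promo.example", "teslla-event.example"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:28} -> {lookalike_tokens(s) or 'no brand lookalike'}")
```

The allowlist match is anchored to the end of the hostname, so a host that merely starts with `tesla.com.` is still flagged, while a real subdomain such as `shop.tesla.com` is not.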
Protecting yourself against crypto-doubling scams
Vigilance and adherence to good IT practices are key to avoiding these scams. Here are some recommendations for staying safe:
- Watch out for click-bait headlines associated with Tesla or references to the attack against Donald Trump.
- Avoid scanning QR codes in videos promising too-good-to-be-true crypto giveaways.
- Check YouTube channels promoting crypto giveaways for signs of suspicious activity, such as missing or deleted videos and closed comment sections.
- Report suspicious activities to YouTube or the competent authorities.
- Use a reliable security solution that can block phishing attempts and fraudulent links.