Linus Tech Tips & Techquickie is Breached

Anyone here know if Webroot Identity Shield could have protected those session cookies?
I'm guessing probably not, but I think most AVs wouldn't be able to protect those cookies; maybe they would mark it as suspicious behavior. Bad actors will find ways to get around the antivirus. This could make an interesting discussion though.
 
There is a way to control access to these cookies with Kaspersky Application Control and premium Avast has a way to block access to browser repositories. So users are not really powerless.
 
So, what about browser-based password managers like Bitwarden or even Google's/Edge's own password manager? Are they also vulnerable to this attack?
They are; look at the StealC analysis. Scroll down to the tables to see what’s affected. The browser’s own password manager is what will get exfiltrated first. I’ve played with malware of this sort and it takes seconds, but it can also be tested on any.run. Once you execute it, both passwords and, more crucially, session cookies from a huge variety of browsers are gone.

Some of these new types of attacks are scary, annoying, et cetera.

More things need to be done natively to help protect against these types of attacks, and free cybersecurity training / recommendations for the public need to be updated and shared better to help educate the public about these newer types of attacks.

I did not learn about this situation until after work today when I watched this YouTube video:

Channel With 15MIL Subs: DELETED:

 
The best advice is to use a laptop based on Linux/Mac/Chrome OS for managing this content and never open important accounts on a Windows-based PC. If you don’t click on links in emails, it greatly reduces the risk.
In 10 years, only 55 security exploits have been documented for ChromeOS. Apple’s OSX has 2,212 listed vulnerabilities from 1999 until today and Microsoft Windows has 6,814 since 1999.
 
The vulnerabilities in Chrome and Chrome OS are also relatively short-lived and hard to uncover/exploit.
The platform’s small and quick updates leave little room for CVE exposure.
A very high level of skill is required there, as opposed to Windows, where without exploiting vulnerabilities, an attacker can just smuggle an executable or two in various fragmented scripts and stages. The result is then what we are discussing on this thread.
 
Large YouTube channels are high-value users for hackers because they have high visibility to the public. In this case it is recommended to use the Google Advanced Protection Program to secure your account, using hardware security keys like YubiKey or Titan Key for MFA/2FA whenever possible. Another thing to do is always log out of your account to close the session, or clear your browser cookies when you close it. Ideally, you should use the browser in Anonymous Mode, and never mark your device as trusted. I understand that doing this is inconvenient; today we have a plethora of dedicated password managers that have been developed for this purpose. Your Google account with MFA enabled and protected by security keys is more convenient than MFA with a token generated by an authenticator app. With a YubiKey, for example, you just have to physically tap it with your finger to get past the second factor and quickly log in to your account; it is simple, convenient and more secure. ;)
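The advice above about logging out and clearing cookies, and the earlier post on what StealC takes, both come down to the same fact: a cookie that Chromium writes to disk and keeps past browser close is exactly what a stealer copies and replays. The Python below is an added example, not code from any poster or from any product mentioned in this thread. It models only a subset of the columns of Chromium's `cookies` table (host_key, name, encrypted_value, expires_utc, is_secure, is_httponly, is_persistent) in an in-memory SQLite database filled with constructed rows, then lists and selectively purges the persistent Secure+HttpOnly cookies that still have a long lifetime. The on-disk path in the comment is an assumption about current Chrome layouts; real stores are locked while the browser runs and encrypt the value column, so this audits what sits on disk and does not decrypt anything.

```python
"""Audit which cookies in a Chromium-style 'Cookies' SQLite store outlive the
browser session, i.e. the persistent login tokens an infostealer copies.
Only a subset of Chromium's `cookies` columns is modelled and every row is
constructed sample data, not taken from a real profile.
Assumed real location (Windows): %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Network\\Cookies
"""
import sqlite3
from datetime import datetime, timedelta, timezone

# Chromium timestamps are microseconds since 1601-01-01 UTC (the Windows epoch).
CHROMIUM_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
SAMPLE_NOW = datetime(2023, 3, 27, tzinfo=timezone.utc)  # fixed "now" for the sample

# Schema subset; the real table has more columns (path, samesite, source_scheme, ...).
SCHEMA = """CREATE TABLE cookies (
    host_key TEXT NOT NULL, name TEXT NOT NULL, encrypted_value BLOB,
    expires_utc INTEGER NOT NULL, is_secure INTEGER NOT NULL,
    is_httponly INTEGER NOT NULL, is_persistent INTEGER NOT NULL)"""


def to_chromium_time(dt):
    return (dt - CHROMIUM_EPOCH) // timedelta(microseconds=1)


def from_chromium_time(us):
    return CHROMIUM_EPOCH + timedelta(microseconds=us)


def build_sample_db(now=SAMPLE_NOW):
    """In-memory store with constructed rows. b'v10...' stands in for the
    DPAPI/AES-GCM ciphertext Chromium writes; nothing here decrypts it."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    year = to_chromium_time(now + timedelta(days=365))
    hour = to_chromium_time(now + timedelta(hours=1))
    rows = [
        (".youtube.com", "SID", b"v10...", year, 1, 1, 1),      # long-lived login token
        (".google.com", "__Secure-1PSID", b"v10...", year, 1, 1, 1),
        (".example.org", "theme", b"v10...", year, 0, 0, 1),    # harmless preference
        (".example.org", "csrf", b"v10...", 0, 1, 1, 0),        # session-only: gone on close
        (".shop.test", "cart", b"v10...", hour, 1, 0, 1),       # expires within the hour
    ]
    conn.executemany("INSERT INTO cookies VALUES (?,?,?,?,?,?,?)", rows)
    conn.commit()
    return conn


def persistent_auth_cookies(conn, now=SAMPLE_NOW, min_days=7):
    """Return (host, name, days_left) for cookies that are kept on disk past
    browser close (is_persistent), carry the Secure+HttpOnly flags typical of
    login tokens, and stay valid for at least min_days. These are the rows a
    stealer needs in order to replay a logged-in session without a password."""
    found = []
    for host, name, exp, secure, httponly, persist in conn.execute(
        "SELECT host_key, name, expires_utc, is_secure, is_httponly, is_persistent FROM cookies"
    ):
        if not (persist and secure and httponly):
            continue
        days_left = (from_chromium_time(exp) - now).days
        if days_left >= min_days:
            found.append((host, name, days_left))
    return sorted(found)


def purge_persistent_auth_cookies(conn, now=SAMPLE_NOW, min_days=7):
    """Delete the rows persistent_auth_cookies() reports and return how many.
    This is the 'log out / clear cookies' advice applied only to the risky rows."""
    targets = persistent_auth_cookies(conn, now, min_days)
    conn.executemany(
        "DELETE FROM cookies WHERE host_key = ? AND name = ?",
        [(host, name) for host, name, _ in targets],
    )
    conn.commit()
    return len(targets)


if __name__ == "__main__":
    db = build_sample_db()
    for host, name, days in persistent_auth_cookies(db):
        print(f"{host:16} {name:16} valid for {days} more days on disk")
    print("purged:", purge_persistent_auth_cookies(db))
```

On the constructed data the audit flags only the two Google/YouTube login cookies: the preference cookie lacks the Secure/HttpOnly flags, the CSRF cookie is session-only and never hits disk as persistent, and the cart cookie expires within the hour. The same filter run against a copy of a real profile's store (with the browser closed) shows which accounts a stolen cookie file would still log into a week later.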
 
If Linus Tech Tips had Hard_Configurator or OSArmor installed on his computer, it would have blocked him from opening the file disguised as a PDF and he would have had no problems. Note: I am not advertising OSArmor or Hard_Configurator, just citing them as an example. People like him who receive hundreds of e-mails a day should not trust only an AV; in this case he would need an extra security layer, which would have blocked the .SCR file from passing itself off as a Windows screensaver, an extension format that has been used in Windows since it was released.

Another important thing: do not use the Windows operating system to open e-mails or for important things such as bank accounts and accessing internet banking. The Microsoft Windows operating system is very popular, so it is the most targeted by malware; better to avoid using it. @Trident said this in post #32, to use a Linux/Mac/Chrome OS based operating system, and he is correct: the chance of you falling into a trap like this falls drastically. No operating system is perfect, but perhaps in this particular Linus scenario, if the malware was designed to only run on Windows, to a person with a Mac, Linux or Chrome OS it would be useless. These were my impressions. I hope he solved the problem on his YouTube channel.

Guys, every time I see a PDF file, I'll check the file properties just to make sure it's not a cloaked .SCR before opening it, lol :LOL:
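The "check the file properties" habit at the end of the post above can be scripted. The Python below is an added example, not the poster's code and not taken from OSArmor, Hard_Configurator or any other product. Given a filename and its first bytes it reports the tricks by which a .SCR (a PE executable, like .EXE) is passed off as a document: a double extension such as `Offer.pdf.scr`, which Explorer's default "hide extensions for known file types" setting displays as `Offer.pdf`; a right-to-left override character (U+202E) that reverses the displayed tail of the name; and a PE `MZ` header, or a missing `%PDF` magic, behind a document extension. The sample files are constructed in a temporary directory and contain only a header, not real malware; the extension lists are the author's own choice, not an exhaustive one.

```python
"""Spot files that pass themselves off as documents (the .SCR-as-PDF lure).
Explorer hides known extensions, so 'Offer.pdf.scr' is shown as 'Offer.pdf'
unless you open Properties; this checks the real extension, the right-to-left
override trick and the file's magic bytes. All sample files are constructed."""
import os
import tempfile

# Extensions Windows will execute when double-clicked (partial list, own choice).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd",
             ".js", ".vbs", ".msi", ".lnk"}
# Extensions a lure typically borrows (partial list, own choice).
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".jpeg", ".png"}
# Leading bytes a genuine file of that type starts with.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}
RTLO = "\u202e"  # U+202E: everything after it is rendered right-to-left


def classify(name, head):
    """Return the reasons `name` plus its first bytes look like a disguised
    executable. An empty list means nothing suspicious was found."""
    reasons = []
    parts = name.lower().split(".")
    true_ext = "." + parts[-1] if len(parts) > 1 else ""
    shown_ext = "." + parts[-2] if len(parts) > 2 else ""

    if RTLO in name:
        reasons.append("right-to-left override in name; real extension is %s" % true_ext)
    if true_ext in EXEC_EXTS and shown_ext in DOC_EXTS:
        reasons.append("double extension: displayed as %s, really %s" % (shown_ext, true_ext))
    if head.startswith(b"MZ") and true_ext not in EXEC_EXTS:
        reasons.append("PE (MZ) header but extension %s" % (true_ext or "(none)"))
    expected = MAGIC.get(true_ext)
    if expected and not head.startswith(expected):
        reasons.append("extension %s but magic bytes %r" % (true_ext, head[:4]))
    return reasons


def scan_dir(directory, head_len=8):
    """Map each suspicious filename in `directory` to its list of reasons."""
    flagged = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            head = fh.read(head_len)
        reasons = classify(name, head)
        if reasons:
            flagged[name] = reasons
    return flagged


def demo():
    """Write constructed lure files (headers only, no real code) to a temp
    directory and scan them."""
    samples = {
        "Contract.pdf": b"%PDF-1.7\n%...",                        # genuine PDF header
        "Sponsorship_Offer.pdf.scr": b"MZ\x90\x00" + b"\x00" * 60,  # shown as 'Sponsorship_Offer.pdf'
        "photo.jpg": b"MZ\x90\x00" + b"\x00" * 60,                 # PE renamed to .jpg
        "notes.txt": b"plain text",                                 # harmless
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_dir(tmp)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

Point `scan_dir` at a downloads folder to get the same answer the Properties dialog gives, for every file at once. A file named `Invoice\u202efdp.scr` is rendered by Explorer as `Invoicercs.pdf`, which is why `classify` checks the raw name for U+202E rather than trusting what is displayed.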
 
I wonder if ESET Banking Protection, which is by default always on, would block that malware from reading the credentials from cookies.