Threat actors hacked the Twitter and YouTube accounts of the British army. A malicious third party compromised the accounts last Sunday, when the users opened the British army accounts, they were redirected to cryptocurrency scams. 

The Minister of Defence (MoD) press office reported the incident around 7 PM on Twitter. The tweet said that the office is aware of the breach of the army's YouTube and Twitter accounts and an inquiry has been set up to look into the issue. 

It is a matter of utmost importance for the army when it comes to information security, says the MoD office, the army is currently trying to resolve the problem. It said to offer no further comments until the investigation is completed and the issue has been solved. 

However, after four hours, an update said that problem had been fixed, here is the official tweet.

Although only YouTube and Twitter were written in the posts, other reports suggest that the Facebook account was also hijacked. The reports disclosed that the threat actors posted various promotional links to various crypto and NFT scams, these include phishing links to a fraud mint of The Possessed NFT collection. 

On YouTube, the threat actors modified the entire account to make it look like investment agency Ark Invest, they posted live stream videos that featured celebrities like Elon Musk and Jack Dorsey. 

This is a very classic crypto scam, the hackers used videos to promote QR codes for viewers to send their crypto money to, and the viewers were told that they'll get double the investment if they do so. The MoD has now taken down all the content that was rebranded by the hackers. 

"Just last week, high street bank Santander warned of a predicted 87% year-on-year increase in celebrity-endorsed cryptocurrency scams in the UK in 2022. It reported a 61% increase in the cases it dealt with between Q4 2021 and Q1 2022, with the average cost of these scams increasing 65% year-on-year in the first quarter to reach £11,872" says InfoSecurity.

Scammers are taking full advantage of the debut of Google's new TikTok competitor, YouTube Shorts, which has proven to be an excellent platform for feeding stolen content to billions of engaged viewers. Researchers have cautioned that this content is being exploited to conduct rackets such as advertising adult dating websites, hustling diet pills, and selling marked-up commodities. Although YouTube Shorts is still in beta, scammers have had plenty of time to shift their best TikTok-tested flimflams over to the Google cosmos, which is already populated by billions of viewers. 

Satnam Narang, a Tenable analyst, has been analyzing social media for over a decade and discovered that scammers are having great success stealing TikTok's most viral videos and exploiting them on YouTube Shorts to get viewers to click on a variety of sites and links. Narang examined 50 distinct YouTube channels and discovered that, as of December, they had accumulated 3.2 billion views across at least 38,293 videos stolen from TikTok creators. He stated that the YouTube channels had over 3 million subscribers. 

The most common type of fraud Narang discovered was the use of extremely popular TikTok videos, especially challenges showing gorgeous women, to serve links to adult dating sites that run affiliate programmes that pay for clicks.

These websites pay affiliates on a cost per action (CPA) or cost per lead (CPL) basis to incentivize them. Scammers, on the other hand, have started taking advantage of these affiliate offers to gain cash by duping users of social media networks. Scammers only need to persuade consumers to visit these adult dating websites and sign up with an email address, whether valid or not. When a visitor to an adult dating website becomes a registered user, the fraudster is able to get anywhere from $2–$4 for the successful CPL conversion. 

“While adult-dating scams proliferate across many platforms, the introduction of YouTube Shorts, with its enormous potential reach and built-in audience, is fertile ground that will only serve to help these scams become even more widespread,” Narang explained. “This trend is alarming because of how successful these tactics have become so quickly on YouTube Shorts, based on the volume of video views and subscribers on these fake channels promoting stolen content.” 

Viewers of YouTube Shorts were also offered advertisements with viral TikTok exercise videos for trending products, such as the pants dubbed "the leggings" on social media. The famous leggings, with a seam across the back to improve even the flattest posterior, were being offered on YouTube Shorts at a markup by scammers expecting the new breed of customers wouldn't notice the padded price, Narang discovered.

According to Greek legend, a Trojan is a form of malware that disguises itself as a legitimate file or software in order to fool unsuspecting users into downloading it on their computers. This is how naive users give cyberattackers unauthorized remote access. Threat actors will now be able to monitor a user's activities (web browsing, computer usage, and so on) in order to collect and extract sensitive data, erase files, or download more malware onto the PC, among other things. 

Threat actors are getting more inventive, as they have begun to utilize YouTube videos to spread malware via embedded links in video descriptions. Cluster25 security researcher Frost said that malware campaigns promoting various password-stealing Trojans have increased significantly on YouTube. Frost believes that two clusters of malicious activity are operating at the same time, one distributing RedLine malware and the other distributing Racoon Stealer. 

Malicious actors start by launching dozens of new YouTube channels dedicated to software cracks, licenses, how-to instructions, bitcoin, mining, game hacks, VPN software, and just about any other popular topic. These videos demonstrate how to complete a task using a specific piece of software or technology. Furthermore, the description of the YouTube video claims to provide a link to the associated programme that was used to disseminate the virus.

"We are aware of this campaign and are currently taking action to block activity by this threat actor and flagging all links to Safe Browsing. As always, we are continuously improving our detection methods and investing in new tools and features that automatically identify and stop threats like this one. It is also important that users remain aware of these types of threats and take appropriate action to further protect themselves," said Google. 

According to the researcher, thousands of videos and channels were created as part of the massive virus effort, with 100 new videos and 81 channels launched in only twenty minutes. Threat actors use stolen Google accounts to create new YouTube channels to spread malware, according to Frost, creating an infinite and ever-growing loop. 

"The threat actors have thousands of new channels available because they infect new clients every day. As part of these attacks, they steal victim's Google credentials, which are then used to create new YouTube Videos to distribute the malware," Frost said. 

These campaigns demonstrate the need of not to download programmes from the Internet at random, as video publishers cannot check every link published to sites like YouTube. As a result, before downloading and installing anything from a website, a user should study it to see if it has a solid reputation and can be trusted.

Recently, tens of YouTube accounts were hacked to broadcast a Ponzi cryptocurrency scheme by renaming the hacked YouTube accounts as Microsoft accounts bearing the message from the company's former CEO Bill Gates to invest in crypto.


This is not the only attack of it's kind, various other attacks like this have become frequent on YouTube where the hacker hijacks a popular account and broadcast a message from the account- a "crypto giveaway", where the user is offered that if they give some cryptocurrency they'll get it back doubled. And of course, this is a scam and the victim does not get any returns.

These frauds first made their appearance on Twitter but moved on to YouTube as Twitter started weeding these posers out.

These hackers very efficiently gave their scheme an air of legitimacy by live streaming (on 30+ accounts) one of Bill Gates talk given to an audience at Village Global in June 2019 and adding a pop of messages of the Ponzi Scheme. This Ponzi scheme was live streaming on these accounts on YouTube- Microsoft US, Microsoft Europe, Microsoft News, and others.

Though both YouTube and Microsoft denied that any official accounts were hacked some users did report that they found the stream on Microsoft's nonverified accounts.

Most of the scam videos were streaming from hacked accounts with high subscriber numbers, that were renamed as Microsoft US, Microsoft Europe and such to seem more official. The viewed number of the videos was in tens and thousands, also the Bitcoin address in the scheme received thousands of US dollars thus successfully scamming some users.

 Various other organizations have been used by such hackers like Chaos Computer Club, a famous Germany-based hacking community, had their accounts hacked and broadcasted with a similar cryptocurrency scheme.
The most recent and popular case was when the YouTube account of YouTube's founder was hacked back in January. So, these sorts of fraudulent schemes have now become a common affair and it's at the hands of the users not to pay heed to these. Always check the legitimacy of these accounts and it's good to remember to think twice before giving in to an offer that's too good to be real.

The existence of malware is hardly a new thing. In the last few years, however, the more malicious trend of ransomware has become more and more common.

PewDiePie, the famous Swedish Youtuber, is no stranger to controversy. This time he is in the news again for the wrong reason after a user, who claims to be his fan, released ransomware with a note that reads ‘Subscribe to PewDiePie’.

This is not the first time PewDiePie's fans have pulled an extreme stunt to keep the Swedish vlogger as the most popular YouTuber.

According to The Independent, the ransomware PewCrypt is designed in such a way that it locks people from accessing their data. The ransomware claims that users will not get back their data until PewDiePie gets 100 million subscribers on YouTube.

Rather than destroying a computer per-say, ransomware generally locks out the user's files via encryption. The only way to get them back is to pay a ‘ranson’ (usually in bitcoin) and even then, it’s hardly a guarantee.

In a report via TheStar, it seems that the latest ransomware trending has bizarre links to the current subscriber battle between Pewdiepie and T-Series. It is unclear how the ransomware is distributed or how many victims it has claimed so far.

“If T-Series beats PewDiePie the private key will be deleted and your files are gone forever!” the report said quoting the threat that appears on the ransomware.

This, in itself, is a questionable target. While the two have been swapping the top spot for about 2 months now, T-Series has taken a pretty strong (but not overwhelming lead).

The developer backtracked on their threat and released a decryption tool but not before posting the open-sourced ransomware on Twitter under the username JustMe – the account is disabled at the moment – potentially allowing others to modify and use PewCrypt freely.