The Malware that hacked Linus Tech Tips | Summary and Q&A

1.4M views
March 26, 2023
by
The PC Security Channel

TL;DR

The Linus Tech Tips YouTube channel was hacked, livestreamed Elon Musk crypto scams, and was then deleted. This analysis explores the malware sample, the attack chain, and preventive measures.


Key Insights

  • 🥸 Malicious emails disguised as sponsorship offers are commonly received by influencers and marketing executives, making it important to exercise caution.
  • 📪 A discrepancy in domain names may not always indicate a red flag, as PR firms often handle communication for large companies.
  • 👾 Malware samples can be padded with empty space to inflate their file size, which can lead scanners to skip them and makes detection more challenging.
  • 🔨 VirusTotal is a useful tool for identifying known malware, but it should not replace an antivirus program's comprehensive scanning and behavioral analysis.
  • ♿ Applying the principle of least privilege, that is, limiting access to critical systems, is important for preventing unauthorized activities.
  • 🧑‍🏭 Stored session tokens can be exploited by malware to bypass two-factor authentication and gain unauthorized access to online accounts.
  • 👊 Awareness and education about malware attack techniques, such as info stealers, are essential for individuals and organizations.

Transcript

so Linus Tech Tips, a tech YouTube channel with over 15 million subscribers, just got hacked, started live streaming Elon Musk crypto scams, and then just got deleted. In this video we're going to look at the malware sample that did it, how it happened, why it may not have been caught by their antivirus program, and also the entire attack chain starting wi...

Questions & Answers

Q: How did Linus Tech Tips receive the malware?

Linus Tech Tips received a malicious email posing as a sponsorship offer. The email included an SCR application disguised as a PDF attachment.

Q: Why did Linus Tech Tips click on the attachment if it was suspicious?

The attachment appeared as a PDF and resembled legitimate offer documents from sponsors. Since Linus Tech Tips dealt with numerous sponsorship offers, clicking on such attachments seemed natural.

Q: How does the malware bypass anti-malware programs?

The malware utilizes empty space or padding within the SCR application to increase its file size. Many online scanners skip over large files during scans, allowing the malware to evade detection.
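
A triage check for the two tricks described in these answers (an executable named like a PDF, and a file inflated with empty space), added here as an example and not taken from the video. The double-extension and right-to-left-override naming patterns, the null-byte definition of padding, the thresholds and all function names are assumptions; the page does not say how the SCR was made to look like a PDF.

```python
import re

# Extensions Windows runs directly; a .scr screensaver is an ordinary PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
RLO = "\u202e"        # right-to-left override: makes "fdp.scr" render as "rcs.pdf"
MIN_RUN = 64 * 1024   # assumed threshold: null runs this long count as filler
PAD_RATIO = 0.5       # assumed threshold: flag when filler exceeds half the file


def extensions(name: str) -> list[str]:
    """Every dot-suffix of the name, lowercased, whitespace-trimmed, in order."""
    return ["." + part.strip() for part in name.lower().split(".")[1:]]


def padding_bytes(data: bytes) -> int:
    """Total length of null-byte runs of at least MIN_RUN bytes."""
    runs = (m.end() - m.start() for m in re.finditer(rb"\x00+", data))
    return sum(n for n in runs if n >= MIN_RUN)


def triage_attachment(name: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing flagged."""
    findings = []
    exts = extensions(name)
    executable = data[:2] == b"MZ" or (bool(exts) and exts[-1] in EXECUTABLE_EXTS)
    if executable:
        findings.append("executable-attachment")
        # A document extension anywhere in the name, or an RLO character,
        # means the name was built to look like a document.
        if RLO in name or any(e in DOCUMENT_EXTS for e in exts):
            findings.append("posing-as-document")
    if data and padding_bytes(data) / len(data) >= PAD_RATIO:
        # Size-limited scanners may skip this file: scan it locally in full.
        findings.append("mostly-null-padding")
    return findings


# Constructed samples (not real malware): a tiny PE-like stub plus 1 MiB of zeros,
# and an ordinary PDF header.
PADDED_SCR = b"MZ" + b"\x90" * 1024 + b"\x00" * (1024 * 1024)
PLAIN_PDF = b"%PDF-1.7\n" + b"x" * 2048

if __name__ == "__main__":
    print(triage_attachment("Sponsorship agreement.pdf.scr", PADDED_SCR))
    print(triage_attachment("agreement.pdf", PLAIN_PDF))
```

A mail gateway or download hook could call `triage_attachment` before a file reaches a user and quarantine anything that returns `posing-as-document`.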

Q: What preventive measures could Linus Tech Tips have implemented?

Linus Tech Tips should have practiced privilege management, limiting access to the YouTube channel to a select few individuals. Additionally, relying solely on common sense is insufficient; implementing robust security measures, such as a reputable antivirus program, is crucial.

Summary & Key Takeaways

  • Linus Tech Tips received a malicious email disguised as a sponsorship offer, a kind of message commonly received by influencers and marketing executives.

  • The initial email does not contain malware attachments, but a follow-up email with a seemingly harmless agreement includes an SCR application disguised as a PDF.

  • The malware is identified as a RedLine Stealer sample, a popular info stealer, capable of exploiting stored session tokens to gain unauthorized access to websites like YouTube.
