Linus Tech Tips YouTube Channel Hacked and Deleted: Malware Analyst Shares Malware Analysis and Preventive Measures

A High-Profile Channel Hacked

Linus Tech Tips, a tech YouTube channel with over 15 million subscribers, was recently hacked. The attackers used the channel to live-stream Elon Musk-themed crypto scams, and the channel was eventually deleted.

This article explains the malware sample behind the hack, how the attack unfolded, and why the channel's antivirus program may not have caught it. It walks through the entire attack chain, starting with the malicious emails.


The Malicious Emails: A Common Starting Point

The attack began with an email pretending to be a sponsorship offer, sent by someone claiming to be a PR manager for the sponsor company. A sender domain that does not match the company's own domain is not by itself a red flag here: many large companies outsource outreach and communications to PR firms, which is exactly what makes this lure convincing.

Malicious Email, source: The PC Security Channel

Attackers usually do not attach malware to the first email. They wait until the recipient replies, so that a conversation is established and a document is expected, and only then send a zip archive containing the malware.


The Deceptive Malware: An Easily Overlooked Threat

In this case, the malware was disguised as a PDF file. On closer inspection it turned out to be a .scr file: a Windows screensaver, which is an ordinary executable that runs when double-clicked just like an .exe. Windows hides known file extensions by default, so a file named Agreement.pdf.scr is displayed as Agreement.pdf, and many people do not even know what a .scr file is, which makes this disguise particularly effective.

.scr application as a PDF file

The file was over 700 MB in size. Many online scanners and traditional defenses enforce an upper size limit and skip or refuse files above it, on the assumption that a file that large is unlikely to be malware, so the size alone likely kept it from being scanned.

When the file was examined in a hex editor, however, most of it turned out to be empty space: long runs of null bytes padding out a much smaller executable.

Empty space inside the PDF File

Inflating a sample with padding is a common attacker technique. It bypasses scanners that enforce size limits, makes the file slow to upload and analyze, and changes the file hash, so that a lookup of a known sample fails. Stripping the padding recovers the underlying executable, and its hash is the one worth checking.
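The checks described above (real type versus claimed type, hidden extension, padding, and the hash of the file with the padding removed) as a small triage script. This is an added example for this article, not tooling from the original analysis; the sample file it builds is a constructed, harmless stub with an MZ/PE header and a few MB of null padding, standing in for the 700 MB attachment.

```python
"""Triage a suspicious attachment without running it.
Added example for this article; not tooling from the original analysis."""
import hashlib
import os
import tempfile

# Executable extensions and the document extensions they hide behind. With
# "Hide extensions for known file types" on (the Windows default), Explorer
# shows "Agreement.pdf.scr" as "Agreement.pdf".
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def disguised_extension(filename):
    """Return (name as Explorer displays it, real extension, is_disguised)."""
    base, real_ext = os.path.splitext(filename)
    real_ext = real_ext.lower()
    displayed = base if real_ext else filename
    inner_ext = os.path.splitext(displayed)[1].lower()
    return displayed, real_ext, real_ext in EXECUTABLE_EXTS and inner_ext in DOCUMENT_EXTS


def content_type(path):
    """Classify the file by its magic bytes, ignoring the name entirely."""
    with open(path, "rb") as f:
        head = f.read(64)
        if head.startswith(b"%PDF"):
            return "pdf"
        if head.startswith(b"MZ") and len(head) >= 0x40:
            # e_lfanew at offset 0x3C points at the "PE\0\0" signature.
            f.seek(int.from_bytes(head[0x3C:0x40], "little"))
            return "pe" if f.read(4) == b"PE\x00\x00" else "mz-executable"
    return "unknown"


def trailing_null_padding(path, chunk=1 << 20):
    """Length of the run of 0x00 bytes at the end of the file, found by
    scanning backwards in chunks so a 700 MB file is never read in full."""
    pos = os.path.getsize(path)
    padding = 0
    with open(path, "rb") as f:
        while pos > 0:
            step = min(chunk, pos)
            pos -= step
            f.seek(pos)
            block = f.read(step)
            stripped = block.rstrip(b"\x00")
            padding += len(block) - len(stripped)
            if stripped:  # reached real content
                break
    return padding


def hashes(path, padding):
    """SHA-256 of the whole file and of the file minus its trailing padding.
    Re-padding a sample changes the first hash but not the second."""
    full, core = hashlib.sha256(), hashlib.sha256()
    remaining = os.path.getsize(path) - padding
    with open(path, "rb") as f:
        while block := f.read(1 << 20):
            full.update(block)
            if remaining > 0:
                core.update(block[:remaining])
                remaining -= len(block)
    return full.hexdigest(), core.hexdigest()


def triage(path):
    size = os.path.getsize(path)
    padding = trailing_null_padding(path)
    displayed, real_ext, disguised = disguised_extension(os.path.basename(path))
    kind = content_type(path)
    full_sha, core_sha = hashes(path, padding)
    return {
        "displayed_name": displayed,
        "real_extension": real_ext,
        "disguised_extension": disguised,
        "content_type": kind,
        "type_mismatch": displayed.lower().endswith(".pdf") and kind != "pdf",
        "size": size,
        "padding_bytes": padding,
        "padding_ratio": padding / size if size else 0.0,
        "sha256": full_sha,
        "sha256_unpadded": core_sha,
    }


def build_sample(path, payload_bytes=4096, padding_bytes=8 << 20):
    """Constructed, harmless stand-in for the attachment: a stub MZ/PE header,
    filler bytes, then null padding (a few MB here instead of 700 MB)."""
    e_lfanew = 0x80
    header = bytearray(e_lfanew)
    header[0:2] = b"MZ"
    header[0x3C:0x40] = e_lfanew.to_bytes(4, "little")
    body = bytes(header) + b"PE\x00\x00" + b"\x90" * (payload_bytes - e_lfanew - 4)
    with open(path, "wb") as f:
        f.write(body)
        f.write(b"\x00" * padding_bytes)
    return path


def demo(padding_bytes=8 << 20):
    """Build the constructed sample in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as d:
        name = os.path.join(d, "Sponsorship Agreement.pdf.scr")
        return triage(build_sample(name, padding_bytes=padding_bytes))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20} {value}")
```

Running it on the constructed sample reports a displayed name ending in .pdf, a real extension of .scr, a PE content type, and a padding ratio close to 1.0. The sha256_unpadded value is the same no matter how much padding is appended, which is the hash to search for when the full-file hash turns up nothing.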


Redline Stealer Malware: Stealing Session Tokens

The sample turned out to be Redline Stealer, a widely used info-stealer sold on underground forums. Once executed, it harvests saved credentials and session tokens (browser cookies) for YouTube and other popular sites and sends them to the attacker, who can load the cookies into their own browser and use the victim's already logged-in sessions.

This is why two-factor authentication and strong passwords did not help: the attacker never logs in. A session cookie is a bearer token issued after the victim has already passed the password and 2FA checks, and presenting it grants the same access without any further challenge. Stolen tokens remain valid until they expire or are revoked, so after a suspected infection the victim should sign out of all sessions and change passwords from a clean machine.


Preventing Future Attacks: Lessons from Linus Tech Tips

To prevent such attacks in the future, it is essential to practice the principle of least privilege, especially for large YouTube channels. Only a few senior staff members should hold management access to the channel, with everyone else limited to the lowest role their job requires; then a compromised workstation used for editing or outreach does not hand the attacker control of the channel.

Moreover, a robust security program on the endpoint is crucial, as common sense alone does not catch a well-disguised attachment like this one.


The Limits of VirusTotal

Relying solely on online tools like VirusTotal to scan suspicious files is not enough. VirusTotal mainly reports whether the engines' signatures match the file at that moment: a file above its upload limit is not scanned at all, and a fresh, padded sample may show few or no detections. It does not observe what the file does on the machine the way an antivirus with behavioral monitoring installed on the system would.

Therefore, a comprehensive security program on the machine that actually opens the file is essential to protect against malware attacks.


Conclusion: Stay Informed and Secure

In conclusion, it’s crucial to be aware of the risks and take preventive measures to secure YouTube channels and other online accounts. Employing the principle of least privilege, using strong security programs, and being cautious with email attachments can significantly reduce the chances of falling victim to hacking attacks like the one that targeted Linus Tech Tips.




