HomeCyber SecurityLinus Tech Tips YouTube Channel Hacked and Deleted: Malware Analyst Share Malware...

Linus Tech Tips YouTube Channel Hacked and Deleted: Malware Analyst Share Malware Analysis and Preventive Measures

A High-Profile Channel Hacked

Linus Tech Tips YouTube Channel Hacked and Deleted. Linus Tech Tips is a tech YouTube channel with over 15 million subscribers, was recently hacked, which led to live streaming of Elon Musk crypto scams and eventually the channel being deleted.

In this article, will explain the malware sample that caused the hack, discuss how it happened, and explain why it might not have been caught by the channel’s antivirus program. Furthermore, we’ll examine the entire attack chain, starting with the malicious emails.


The Malicious Emails: A Common Starting Point

The attack began with an email pretending to be a sponsorship offer from a person claiming to be a PR manager for the sponsor company. It is essential to mention that domain name mismatches with the company are not necessarily a red flag, as many big companies hire PR firms to manage their outreach and communications.

Malicious Email
Malicious Email, source: The PC Security Channel

Attackers usually do not send malware attachments in the initial email. Instead, they wait until the recipient replies to their email before sending a zip file containing the malware.


The Deceptive Malware: An Easily Overlooked Threat

In this case, the malware was hidden in what appeared to be a PDF file. However, upon closer inspection, it turned out to be a .scr application, a type of file that can act as an application in Windows. Many people may not even know what a .scr file is, making this type of attack particularly deceptive.

scr application as a PDF file
.scr application as a PDF file

The file was over 700 MB in size, which likely caused many online scanners and traditional defense mechanisms to skip it, assuming it was too large to be a malware file.

However, when examining the file with a hex editor, it was revealed that most of the file was empty space.

Empty ainside the PDF File
Empty space inside the PDF File

This is a common technique used by attackers to bypass scanners and make their files more challenging to analyze.


Redline Stealer Malware: Stealing Session Tokens

The malware sample turned out to be a Redline Stealer, a popular info-stealer available for purchase on the black market. Once executed, it steals session tokens from YouTube and other popular websites, allowing attackers to access the victims’ accounts.

This malware even bypasses two-factor authentication and strong passwords, rendering them ineffective.


Preventing Future Attacks: Lessons from Linus Tech Tips

To prevent such attacks in the future, it’s essential to practice the principle of least privilege, especially for large YouTube channels. Limiting management access to only a few senior staff members can reduce the risk of unauthorized access.

Moreover, having a robust security program installed on the system is crucial, as common sense alone cannot protect against all threats.


The Limits of Virus Total

Relying solely on online tools like Virus Total for scanning suspicious files isn’t enough. These tools often provide superficial results and don’t analyze malicious behavior as effectively as an antivirus installed on the system would.

Therefore, it’s essential to use a comprehensive security program to protect against malware attacks.


Conclusion: Stay Informed and Secure

In conclusion, it’s crucial to be aware of the risks and take preventive measures to secure YouTube channels and other online accounts. Employing the principle of least privilege, using strong security programs, and being cautious with email attachments can significantly reduce the chances of falling victim to hacking attacks like the one that targeted Linus Tech Tips.




A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.



Please enter your comment!
Please enter your name here

2 × four =

Most Popular


- Advertisement -