FortiGuard Labs Threat Research Report

Date: 2021-04-22

Affected platforms: YouTube platform

Impacted parties: YouTube platform, YouTube users, and @chamath

Impact: Loss of funds and reputation

Severity level: Critical

Many people today, especially as the effects of Covid-19 continue to linger, spend time at home looking for ways to interact with the outside world. This has led to a significant increase in Social Media interactions, primarily on media streaming websites like YouTube. And as new activities like this trend, malicious entities are never far behind. Like many of you, I too am always on the hunt for original content on YouTube. But while recently doing so, I accidentally stumbled upon a 'LIVE' Bitcoin (Ƀ) donate/exchange scam video.

After verifying that this video was not just a scam but also malicious in nature (which I explain in this blog), the FortiGuard Labs team reached out to the YouTube platform for assistance in taking the video down in the interest of user safety.

Essentially, this is a typical scam, much like the recent Bitcoin exchange scams seen on Twitter. But this is a first for the YouTube platform. And it also made the claim that it was LIVE. And unlike previous scams falsely making use of @elonmusk, this one illegitimately makes use of @chamath of Social Capital.

In the following sections you will find technical details on how we identified this recent live Bitcoin scam. And hopefully, one takeaway from this article will be that, going forward, readers will check the authenticity of the YouTube/social-media channels they follow to ensure that the content being provided is not malicious in nature.

Due to Covid-19 quarantining, as well as the recent spikes in the value of the stock market and cryptocurrencies, more people than ever are at home looking for live stock market/crypto-related content on streaming platforms like YouTube, etc. This might be to compensate for the lack of in-person interactions that we would normally have in a non-Covid-19 world, as well as to perhaps make some quick income on the side. During a random midnight search for similar content, I accidentally stumbled upon a LIVE Bitcoin scam on YouTube (yes, this time it was on YouTube and not on Twitter). YouTube has several labels/buttons on its home page to identify trending categories of videos, and this one indicated that several scams were streaming 'live'. The first video I saw after clicking the Live button was titled, 'Chamath Palihapitiya - What will be the New World of Finance? | SPACs, Coinbase IPO and NFT' with the URL link 'hxxps://www[.]youtube[.]com/watch?v=cFstoyKl99s'. (Note that this address has been changed several times just in the last three days. The address listed here was the last known occurrence of this scam. Since we flagged multiple Video URLs by this attacker in the last 3 days, as of now YouTube has taken down the entire YouTube channel.)

The first thing that caught my eye was that, unlike other live-streamed videos on YouTube, this one used a smaller than usual video screen-size [1].