CryptoEra-BestTimeForCyberCriminal Posted March 5, 2018

I've always been a subscriber and fan of the Hak5 YouTube channel. This is the first time I've ever created a post here (I just signed up minutes ago).

Lately I noticed that in the history of my watched videos, there would sometimes be some videos that I didn't watch. At first I thought it was maybe some algorithm problem of YouTube, because I noticed most of these 'unwatched' videos in the history are normally the videos that appear in the suggestion list after the video that I 'truly watched' ends. But then I realized this has been going on for quite a while, and that's when I decided that this is really suspicious (not to mention that it wouldn't take very long for the Almighty Google to resolve something, I suppose).

I guessed I have been hacked, in some way or another. The first place I went to was a Google search for 'how to open a support ticket or email Google/Youtube', but it was a dead end. So either I am bad at googling or Google really is busy and has no time for this. (Well, that's how I ended up here. Don't get mad at me, fellas.)

Anyway, on closer inspection, I guess I might have fallen victim to a kind of crypto-mining bot/software, because I think the name maybe gives it away already?: https://drive.google.com/file/d/1kI6jr3yGMUYlE1nMd_1zOsIApix6UQwK/view?usp=sharing

As I scrolled down to browse the list of history, I came across this name 'CryptoSheldon' a few times. Anyone ever heard of this? I always read cybersecurity articles and blogs and watch Hak5 videos, but honestly I never heard of this.

Do any hackers or cyber-security professionals have any advice for what I can do now? Or perhaps anyone can tell me/has a way to let Google know about this? (If it is ever within their power to help me.) Really appreciate it.

People are just getting more and more creative at stealing CPU for crypto-mining purposes, and I totally understand. I mean, if I were them I would've also thought of whatever way, no matter how trivial it seems, to get CPU from laptops all over the world. So I can totally see this trick coming, but LOL, god, I didn't expect I would fall victim to it.
digininja Posted March 5, 2018

I don't see how adding extra videos to your watch list would help in crypto mining. I can see it being used to increase the viewer rate of certain videos. The attack would be to silently open a tab or use an iframe and auto play the video muted so that as far as YouTube is concerned you've watched the video in a legit way. There is probably a minimum time that would be needed to count as a watch before the window could be closed.
CryptoEra-BestTimeForCyberCriminal (Author) Posted March 5, 2018

Hi digininja,

Hm... so I guess the fact that the username of the uploader contains the word 'Crypto' is just a coincidence? Also, what you mean is, this is an attack, but not likely an attack that involves mining, just a trick to 'boost' the likes and views of a video, right?

I guess there's only one question left, and the most important one: how did I even fall victim to this? It is not even a browser plugin kind of thing. And I believe I have practiced good browsing hygiene (no same password on different sites, don't click any link in email or pop-up windows, always check that a website is HTTPS before continuing, etc.).

I am wondering if you have any good articles or good reads about this kind of attack? I would really be interested to learn more.
digininja Posted March 5, 2018 (edited)

You can call yourself whatever you want so yes, could be. Or they could have other bits to their bot that also do crypto mining and this is just the bit that you've noticed.

If it is this, you could have got caught in loads of different ways, have a look at this <link removed> for some ideas.

Edited March 5, 2018 by digininja: The link was for a proof of concept, it is no longer needed.
digininja Posted March 5, 2018

There, you just proved that you will click on an HTTP, not HTTPS, link from a random stranger. Everyone does it, most people won't admit it though.
digininja Posted March 5, 2018

If I'd redirected you to a page that had a bunch of YouTube videos embedded in it then that would have achieved the same as you were describing at the start. You don't need to be "attacked" or to be vulnerable in some way, you just have to use the internet.
CryptoEra-BestTimeForCyberCriminal (Author) Posted March 5, 2018

Hm... true enough, I just clicked on your HTTP link without noticing it. Guess I really need to be more careful and disciplined with my internet browsing hygiene.
digininja Posted March 5, 2018

Even if it was HTTPS not HTTP, it wouldn't matter as I have full control of the content you are viewing, the only difference is whether you are viewing it over an encrypted channel or not.

The lesson, not meaning this in a bad way, is never to think that you are perfect and don't make mistakes or do things you really know that you shouldn't. For anyone who doesn't believe me, read up on how Anonymous was taken down. One small slip by Sabu brought the whole thing down and regardless of what you think of them morally or ethically, they are/were a bunch of very intelligent people.

Back to your original question, as I said, there are loads of different ways they could have got you and, without a lot more info that could only really have been collected at the time, you'll probably never know. You could try keeping an eye on this history list, maybe daily, and if you notice any additions then check your browser history for that day. You can't rule anything out as even top corporate sites can include malicious adverts, but you might be able to spot a pattern and narrow things down.
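The daily check suggested in the post above, as an added example that is not part of the thread: a watch-history entry with no matching top-level visit to that video in the browser history is flagged, and the pages open in the minutes before it are tallied by host to expose a recurring source. The record layout, the five-minute window and all sample data are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlparse, parse_qs

# Constructed sample data (not from the thread). Assumed layout: each record
# is an (ISO-8601 timestamp, URL) pair, exported from the YouTube watch
# history and from the browser's own history respectively.
WATCH_HISTORY = [
    ("2018-03-03T20:15:00", "https://www.youtube.com/watch?v=AAAAAAAAAAA"),
    ("2018-03-03T20:31:10", "https://www.youtube.com/watch?v=BBBBBBBBBBB"),
    ("2018-03-04T09:02:30", "https://www.youtube.com/watch?v=CCCCCCCCCCC"),
]
BROWSER_HISTORY = [
    ("2018-03-03T20:14:55", "https://www.youtube.com/watch?v=AAAAAAAAAAA"),
    ("2018-03-03T20:29:40", "https://news.example/article-1"),
    ("2018-03-03T20:30:50", "https://blog.example/post"),
    ("2018-03-04T08:40:00", "https://shop.example/cart"),
    ("2018-03-04T09:01:45", "https://news.example/article-2"),
]

def video_id(url):
    """Return the v= parameter of a youtube.com/watch URL, else None."""
    parts = urlparse(url)
    host = parts.hostname or ""
    if (host == "youtube.com" or host.endswith(".youtube.com")) and parts.path == "/watch":
        return parse_qs(parts.query).get("v", [None])[0]
    return None

def unexplained_watches(watches, visits, window_minutes=5):
    """Watches the browser never navigated to, with the pages open just before."""
    visits = [(datetime.fromisoformat(t), u) for t, u in visits]
    visited_ids = {video_id(u) for _, u in visits} - {None}
    findings = []
    for t, url in watches:
        when, vid = datetime.fromisoformat(t), video_id(url)
        if vid in visited_ids:
            continue  # a top-level visit to this video exists: explained
        start = when - timedelta(minutes=window_minutes)
        before = [u for vt, u in visits if start <= vt <= when]
        findings.append((vid, when, before))
    return findings

def recurring_hosts(findings):
    """Count, once per finding, each host seen shortly before an unexplained watch."""
    counts = Counter()
    for _, _, before in findings:
        counts.update({urlparse(u).hostname for u in before})
    return counts.most_common()

print(recurring_hosts(unexplained_watches(WATCH_HISTORY, BROWSER_HISTORY)))
```

A host that keeps appearing at the top of the tally across several days is the page to inspect first for embedded players or third-party advert frames.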
CryptoEra-BestTimeForCyberCriminal (Author) Posted March 5, 2018

Thanks digininja. First time I got into this kind of thing, and the first time I joined the Hak5 Forum. I must say all these are really eye-opening for me. Thanks for your comment on my post. Cyberspace really is an interesting space~
digininja Posted March 5, 2018

It is an amazing area, you just have to keep a very open mind and never rule things out.
i8igmac Posted March 5, 2018

This is simply a legit YouTube video. Well, maybe copyrighted content, but that's it. Possibly he has other videos with instructions for downloading software to hack your wife's cellphone.

The only harm a person could do with a YouTube page is post links to CPU-mining software or verbal instructions.

Monitor your CPU. This should be a habit for any puter nerd.
Forkish Posted March 9, 2018

On 3/5/2018 at 11:56 AM, CryptoEra-BestTimeForCyberCriminal said: "Guess I really need to be more careful and disciplined with my internet browsing hygiene."

If you're on a laptop/desktop, install uMatrix by Gorhill. I suggest then globally blacklisting everything and slowly whitelisting things that are needed. It can be a pain at times, but know that the time spent refreshing certain websites a few extra times will be worth it.

If you're on an iPhone I suggest the browser Brave, which is open source (GitHub here: https://github.com/jcs/endless) and allows for some great global control such as script & XHR control, cookie wiping, built-in HTTPS Everywhere and user agent control. Plus it's wicked quick.
vailixi Posted September 1, 2018

Pretty straightforward. Sounds like something a teenager would do on public wifi, like at a library. Illegal, mostly pointless, and not very profitable.

Clone target webpage
Insert obfuscated coinhive hoplink in cloned page
Do MITM attack with DNS spoofing and use cloned page to harvest credentials