Several YouTube user channels, old and new, started uploading popular Hollywood movies and hit TV series, including some dubbed in Hindi, which have already amassed vast viewing numbers in just a few weeks. The hackers have edited the pirated titles to contain a previously registered track so that the video can be monetized on YouTube after its upload.
Many of these appear to be hijacked personal accounts targeted by credential stuffing attacks, using credentials acquired via data breaches on other platforms. The previously listed videos on these channels are mostly user-generated tutorials and other personal content.
The creation date for the user channels that are suddenly uploading pirated titles ranges from the dawn of YouTube to 2023. Even so, cybercriminals may have created some of these accounts in advance in preparation for the operation they were about to deploy.
These illegal movie and TV series uploads circumvented Content ID, YouTube’s anti-piracy fingerprinting system. The hijackers created or obtained tracks that were not detected by Content ID, which they then illegally registered with Distrokid, CD Baby, or Tunecore.
The hackers can make money by tampering with the popular pirated titles, adding their track at the end of the video. Once the YouTube scan matches the illegally registered song in the uploaded video, the crooks can monetize it.
Stolen user credentials can be obtained from various info-stealer malware campaigns that infect user machines. Last month, breach notification service Have I Been Pwned signaled a recent data dump containing over 360 million stolen accounts scraped from several Telegram cybercrime channels.