Hackers Upload Monetized Pirated Movies on YouTube via Compromised User Channels

• An increased number of pirated movies and TV series flooded YouTube in the past weeks.
• These appear to be uploaded via basic user channels, which is an indicator of account hijacking.
• The nefarious actors’ purpose is to monetize these videos by adding an illegally-registered track.

Several YouTube user channels, old and new, started uploading popular Hollywood movies and hit TV series, including some dubbed in Hindi, which have already amassed vast viewing numbers in just a few weeks. The hackers have edited the pirated titles to contain a previously registered track so that the video can be monetized on YouTube after its upload.

Many of these appear to be hijacked personal accounts targeted by credential stuffing attacks, using credentials acquired via data breaches on other platforms. The previously listed videos on these channels are mostly user-generated tutorials and other personal content.

The creation date for the user channels that are suddenly uploading pirated titles ranges from the dawn of YouTube to 2023. Even so, cybercriminals may have created some of these accounts in advance in preparation for the operation they were about to deploy.

These illegal movie and TV series uploads circumvented Content ID, YouTube’s anti-piracy fingerprinting system. The hijackers created or obtained tracks that were not detected by Content ID, which they then illegally registered with Distrokid, CD Baby, or Tunecore.

The hackers can make money by tampering with the popular pirated titles, adding their track at the end of the video. Once the YouTube scan matches the illegally registered song in the uploaded video, the crooks can monetize it.

Stolen user credentials can be obtained from various info-stealer malware campaigns that infect user machines. Last month, breach notification service Have I Been Pwned signaled a recent data dump containing over 360 million stolen accounts scraped from several Telegram cybercrime channels.