Uncovering Malicious Cryptocurrency Scam Domains and Hacked YouTube Channels
Essential information
- Published
- 19/02/2026 15:26
- Modified
- 19/02/2026 18:13
- Tags
- 2026-02-19 cryptocurrency scams hacked youtube channels lookalike domains phishing protective dns session hijacking ytstealer
- Related entities
- 1 intrusion sets (apt), 1 techniques (mitre), 1 malware, 24 others
Description
Infoblox security researchers have discovered a group of malicious domains hosting cryptocurrency scams, some linked to hacked YouTube channels. The domains, initially registered under CryptDesignBot, frequently change registrars to conceal information. They use lookalike domains to impersonate legitimate brands. Hacked YouTube channels are exploited to promote scam crypto domains through fake livestreams. The scams often claim to double cryptocurrency, mimicking old RuneScape scams. Many domains use keywords associated with celebrities and brands like Elon Musk and Tesla. Protective measures include implementing protective DNS, securing cookies, using HTTPS, generating random session IDs, and setting session timeouts. Infoblox's BloxOne Threat Defense offers protective DNS capabilities to combat sophisticated threats.