Stream-Jacking 2.0: Deep fakes power account takeovers on YouTube to maximize crypto-doubling scams

Bitdefender Labs documents an ongoing, evolving campaign of YouTube account takeovers where financially motivated actors use stolen access tokens and automation to rebrand high-subscriber channels, stream deepfake videos (and ads) impersonating public figures, and promote crypto 'doubling' scams via QR codes and malicious sites; the report details TTPs, scale (hundreds of broadcasts, channels with millions of subscribers and billions of views), observed wallet flows (~12 BTC and 10+ ETH across analyzed wallets, ~$528k–$600k), and mitigation recommendations including reporting, vigilance, and the use of detection tools.