Unknown Hacker Takes Control of Multiple YouTube Channels to Spread Bill Gates-Themed Ponzi Scheme

Unknown: A currently unknown hacker has taken over multiple YouTube accounts and renamed them to match Microsoft brand names. The accounts, with names including Microsoft News and Microsoft US, were used to post crypto-currency investment videos featuring a speech given by Bill Gates in June 2019 on startups. The video urges watchers to participate in a “crypto giveaway.” The scheme is not a new one—it seeks to trick people into sending Bitcoin or other crypto-currencies to the scammer’s wallet with a promise of doubling their initial investment. In some cases, the scam claims to exploit a flaw with Bitcoin that allows the scammer to double currency over a short period of time. The accounts that have been taken over by the scammers are all YouTube channels with high subscriber counts. Currently, there are over 30 channels that have been taken over and renamed using names that are designed to appear to be linked to Microsoft. Microsoft has confirmed that none of the accounts are actually tied to Microsoft in any way.

Analyst Notes

Crypto-currency schemes are nothing new and have come in various forms for years. The hackers were clearly banking on the legitimacy of Microsoft’s name and Bill Gates’s reputation as an investor and businessman to draw victims in. Some of the accounts used in the videos have already received thousands of dollars’ worth of Bitcoin, though it is not guaranteed that all of those funds are from victims. Some scammers operating similar schemes will move varying sums of money around through multiple accounts, including sending funds from dummy accounts to the main receiver account, then doubling the sum and sending it back. By doing this, the scammers appear more legitimate and can trick potential victims into believing that others have actually seen the doubled return on their investment. Account takeovers often make use of passwords that were leaked or stolen in other breaches and re-used across multiple accounts. It is important to use unique passwords and enable multi-factor authentication to reduce the risk of threat actors taking over accounts. It is also helpful to monitor for brand name misuse online, including YouTube channels being renamed or other inappropriate uses of a company’s name. Binary Defense helps clients by alerting them to leaked passwords and brand name misuse on the Darknet, Clearnet and social media platforms. More information on this incident can be found at