‘Wanna be friends?’ YouTube comment bot is hacking accounts & spreading malware

A new issue has caught the attention of the cybersecurity community and YouTube users. According to cloud computing security specialists, a rumor was recently spread on “Wanna be friends?” a comment on the video platform that would have the ability to hack users.

Alleged affected users claim that by replying to a comment posted with a bot on YouTube, threat actors could gain access to the victim’s account, rendering it a comment farm to promote fake or malicious content channels, as cloud computing security experts mentioned.

This led to panic, confusion and misinformation among the millions of users of the platform. It is worth to spread the voice about it, so cloud computing security experts detail below everything you should know about this alleged hack and what users can do to protect their accounts.

This security issue gained notoriety when content creator Evanz111 posted a video titled “THE MOST DANGEROUS COMMENT ON YOUTUBE”, in which the user explains how a YouTube hacking account, called “Logan”, uses comments to access other users’ accounts.

The user or group of users behind Logan (also known as Triby or Sounds) appears to have discovered a method to access other YouTube accounts to leave comments on their own channel, pretending that they’re becoming more popular. According to Evanz111, multiple users have lost control of their channel completely due to this hack: “If someone searches for those words on YouTube by applying the upload date filter, they will surely find the comment posted on some video, no matter how many views it has, nor the subject of the video”, the content creator says.

Although Evanz claims that this is one of the most severe security breaches in YouTube history, the content creator known as TheQuatering believes that the risk to users is minimal: “It is very unlikely that a simple comment on YouTube could compromise an account; there is no evidence to support this claim.”

While the youtuber believes there is no such risk, he recommends users implement some simple measures to protect their accounts on the video platform:

  • Periodically change your YouTube password
  • Enable multi-factor authentication
  • Apply Security Check from your Google account

For further reports on vulnerabilities, exploits, malware variants and computer security risks you can access the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies