Can InfoStealers like the MrBeast scam bypass a Yubikey'ed account?
Hey everyone,
I'm writing this in regards to the MrBeast scam that has been going around Discord lately. Recently I have noticed an epidemic of folks getting hacked by this very scam and based on my initial research I have concluded that this is a Infostealer or a token logger so to say and that most people contract it via downloading cracked games, software, mods or something that was attached to some download file you found on the internet and from what I have gathered, it just doesn't stop there. It seems that this type of malware gets every account you have saved on your computer. Your social media, steam, and all your other accounts and it's so bad that if you get infected, the best thing you can do is to completely wipe your computer and do a fresh install which is the ultimate nuclear option. The worst part? This bypasses 2FA which is the scariest part of this.
And after reading about this and seeing a couple of my buddies fall for the MrBeast scam it's got me thinking... Perhaps it is time for me to buy a Yubikey and link all of my accounts to said Yubikey. My buddy who got hacked and nearly lost his steam, Fortnite, Roblox, and Discord accounts, immediately went ahead and purchased a Yubikey and linked his email, Steam, Fortnite, Discord, and every single important account onto that Yubikey and ever since then he has been preaching everyone including me to purchase it which I am very close to.
I take my account security very seriously. I've got 2FA installed everywhere but with this MrBeast scam going around everywhere it's making me feel that not even 2FA can protect you as this InfoStealer is a very common piece of malware that an average user can easily come into contact with and I do not want to become another victim of this. So, my question for everyone here is what exactly does YubiKeys do that differentiates from your standard authentication 2FA? All my accounts use authentication apps IE: Microsoft authenticator. I know this is a physical key that stores every account you link to it onto that device and you can simply plug it in and you're into your account and another question, can InfoStealers like the MrBeast scam bypass 2FA and can the malicious actor remove your Yubikey from your account? And is having a Yubikey give you a much easier time to restore your compromised account versus you not even having one? I ask these questions as a concerned user as well as someone who has come from the field of IT and who takes account security very seriously.
I appreciate the insights everyone.