>>94045780Connect to a malicious server (ie compromised website) or run a malicious program (ie virus disguised as a pdf attached to a business email). The virus scrapes the metadata of your active browser tabs and any other common program you might be running that has account data (steam, banking apps, etc.). It copies the cookie used to identify you as the account owner and sends that data back to its home source. The hacker then uses that copied cookie to access your accounts without needing to input a password or do any security checks.
The process is like 90% automated. Typically it will take your account, change all the login credentials, change the name and profile picture, wipe all previous data and then start uploading its own automated shill content. In Kronii's case it skipped most of those steps because the account that was compromised didn't actually have full admin access to Kronii's channel and only had the power to upload and set thumbnails, which likely means that it was one of the lower-level talent managers who got hacked.
