Damn, so basically something that stole the login cookie. IMO browsers in general need to be more secure when it comes to cookies. They should be encrypted, and you would have the option of setting a pin for when you open your browser, the pin would unlock the key to decrypt the cookies. It would only do it for that session. This could be annoying mind you, so it should be optional.
Also websites can steal your cookies, this to me is a big design flaw in how browsers handle cookies (and the encryption idea won't stop that) and to me, it should only be possible for a domain to get cookies from it's own domain, and that's it. It's very possible that they did not even need to install anything on their machine, simply going to a malicious site was probably enough.
What they probably need to do is like suggested in the video, only have one or few machines that is logged into the channels. This could even be a VM that everyone who needs to upload videos has access to but the point is to ensure that machine can't be used for anything else and is clean.
When coding a web based authenticator myself, I have tried to consider what happens if the login cookies are stolen, and have not figured out something to prevent that yet. The only thing that seems to make sense is to lock the session cookie to the IP address, but the issue with that is any time your IP changes you'd get logged out, so that would be quite annoying. With my authenticator it's very hard to take over an account though. You need to click a confirmation link in an email to change the password. You also need to do the same to change the email. So a hacker would also need to have access to the person's email account. Seems to me big sites like Google should be doing the same thing. They could also have a bit of intelligence where if it detects major unusual activity, like mass renaming videos, it would stop you and ask you to re-authenticate and confirm via email or 2FA.