YouTubers targeted by blackmail campaign to promote malware on their channels

News
By
published

Hackers are blackmailing YouTube creators into sharing a cryptominer

botnet
(Image credit: Shutterstock / Jaiz Anuar)
  • YouTube creators are being threatened with copyright claims
  • The way to resolve the problem is to share a download link
  • The link distributes trojanized programs that install a cryptominer

Cybercriminals have been targeting YouTubers with fake copyright claims, threatening them into distributing malware through their videos and channels. T

Cybersecurity researchers at Kaspersky recently spotted the campaign in the wild, claiming the majority of the victims are Russian.

Kaspersky said it spotted a video with more than 400,000 views sharing the malicious link, and that the campaign resulted in more than 40,000 downloads (before being pulled down).

Tens of thousands of downloads

Kaspersky said Windows Packet Divert (WPD), a user-mode network packet capture and injection tool for Windows, is growing increasingly popular in Russia. It allows applications to intercept and modify network packets at various stages in the Windows network stack, and is used as part of a tech stack that allows users to bypass government censorship.

There are many YouTube video tutorials on how to use WPD tools to do just that, and their creators are being targeted. Apparently, threat actors would file a copyright claim with YouTube, and then reach out to the creators, claiming they were the tool’s owners. They would then demand the creators add the tool’s GitHub download link in the videos’ description.

Alternatively, they would just reach out to the creators claiming to be the developers and offering an “updated” download link.

However, the GitHub repository being shared this way is trojanized and includes a version of the tool that carries a cryptocurrency miner called SilentCryptoMiner. This is a modification of the infamous XMRig, and is capable of mining ETH, ETC, XMR, and RTM.

"According to our telemetry, the malware campaign has affected more than 2,000 victims in Russia, but the overall figure could be much higher," Kaspersky said in its analysis.

Cryptojackers are a popular type of malware which can be easily spotted, since the device running it cannot do anything else, as its compute power is fully utilized in the mining process.

Via BleepingComputer

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A TV remote pointing at YouTube logo
YouTube warns of phishing video using its CEO as bait
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Huge cybercrime attack sees 390,000 WordPress websites hit, details stolen
An abstract image of digital security.
Hundreds of GitHub repositories hijacked to trick users into downloading malware
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
Red padlock open on electric circuits network dark red background
CrowdStrike warns of fake job offer scam that is actually just malware
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Microsoft reveals over a million PCs hit by malvertising campaign
Latest in Security
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
botnet
Another top security camera maker is seeing devices hijacked into botnet
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Latest in News
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems
Twitter social media application change logo to X. Elon Musk CEO of twitter rebranded Twitter to 'X'. Social media application technology concept.
X is down again – here's everything we know about Twitter's third outage of the day
A laptop on a desk with the Windows 11 background on its screen.
Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier
A screen shot from a promotional video showing the HealthBuds fitness tracking earphones from Synseer
These mysterious wireless earbuds claim to monitor your heart and hearing health simultaneously, but there’s a catch
Nvidia geforce rtx 3050
RTX 5050 rumors detail full spec of desktop graphics card, suggesting Nvidia may use slower video RAM – but I wouldn’t panic yet
OnePlus 13
OnePlus is ditching the Alert Slider for an iPhone-style customizable button - and I’ll be sad to see it go
More about security
A hacker wearing a hoodie sitting at a computer, his face hidden.

Experts warn this critical PHP vulnerability could be set to become a global problem
botnet

Another top security camera maker is seeing devices hijacked into botnet
A laptop on a desk with the Windows 11 background on its screen.

Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier
See more latest
Most Popular
A laptop on a desk with the Windows 11 background on its screen.
Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier
A screen shot from a promotional video showing the HealthBuds fitness tracking earphones from Synseer
These mysterious wireless earbuds claim to monitor your heart and hearing health simultaneously, but there’s a catch
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems
AdGuard VPN during TechRadar tests
AdGuard becomes the latest VPN to add post-quantum encryption
Twitter social media application change logo to X. Elon Musk CEO of twitter rebranded Twitter to 'X'. Social media application technology concept.
X is down again – here's everything we know about Twitter's third outage of the day
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 11 (game #373)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Tuesday, March 11 (game #639)
Quordle on a smartphone held in a hand
Quordle hints and answers for Tuesday, March 11 (game #1142)
botnet
Another top security camera maker is seeing devices hijacked into botnet