YouTubers targeted by blackmail campaign to promote malware on their channels

News
By published

Hackers are blackmailing YouTube creators into sharing a cryptominer

botnet
(Image credit: Shutterstock / Jaiz Anuar)
  • YouTube creators are being threatened with copyright claims
  • The way to resolve the problem is to share a download link
  • The link distributes trojanized programs that install a cryptominer

Cybercriminals have been targeting YouTubers with fake copyright claims, threatening them into distributing malware through their videos and channels. T

Cybersecurity researchers at Kaspersky recently spotted the campaign in the wild, claiming the majority of the victims are Russian.

Kaspersky said it spotted a video with more than 400,000 views sharing the malicious link, and that the campaign resulted in more than 40,000 downloads (before being pulled down).

Tens of thousands of downloads

Kaspersky said Windows Packet Divert (WPD), a user-mode network packet capture and injection tool for Windows, is growing increasingly popular in Russia. It allows applications to intercept and modify network packets at various stages in the Windows network stack, and is used as part of a tech stack that allows users to bypass government censorship.

There are many YouTube video tutorials on how to use WPD tools to do just that, and their creators are being targeted. Apparently, threat actors would file a copyright claim with YouTube, and then reach out to the creators, claiming they were the tool’s owners. They would then demand the creators add the tool’s GitHub download link in the videos’ description.

Alternatively, they would just reach out to the creators claiming to be the developers and offering an “updated” download link.

However, the GitHub repository being shared this way is trojanized and includes a version of the tool that carries a cryptocurrency miner called SilentCryptoMiner. This is a modification of the infamous XMRig, and is capable of mining ETH, ETC, XMR, and RTM.

"According to our telemetry, the malware campaign has affected more than 2,000 victims in Russia, but the overall figure could be much higher," Kaspersky said in its analysis.

Cryptojackers are a popular type of malware which can be easily spotted, since the device running it cannot do anything else, as its compute power is fully utilized in the mining process.

Via BleepingComputer

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A TV remote pointing at YouTube logo
YouTube warns of phishing video using its CEO as bait
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
An abstract image of digital security.
Hundreds of GitHub repositories hijacked to trick users into downloading malware
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
Red padlock open on electric circuits network dark red background
CrowdStrike warns of fake job offer scam that is actually just malware
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Microsoft reveals over a million PCs hit by malvertising campaign
Latest in Security
Close up of a person touching an email icon.
Criminals are using CSS to get around filters and track email usage
DeepSeek on a mobile phone
More US government departments ban controversial AI model DeepSeek
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
NordProtect logo
Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
Ofcom cracks down on UK tech firms, will issue sanctions for illegal content
Latest in News
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
Marvel Rivals
Marvel Rivals' next update will add two new hero skins for Iron Man and Spider-Man mains this week
Lego Pokemon
Pokemon and Lego announce the most electrifying collaboration of all time and I’m going to be first in line
Apple Watch app health
Apple Watch blood pressure monitoring tech revealed in patent
Using Zipped files and folders in Windows 11
Hidden clues suggest Microsoft is moving another part of Windows 11’s Control Panel to the Settings app – and this time it’s mouse options
Core Time 2 and COre 2 Duo watches running Pebble OS
Pebble founder announces two new smartwatches, and they're basically the opposite of an Apple Watch in every way
More about security
Close up of a person touching an email icon.

Criminals are using CSS to get around filters and track email usage
Ransomware

Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Elayne, Egwene, and Nynaeve dressed regally and on horseback in The Wheel of Time season 3

The Wheel of Time season 3 is Prime Video's #2 show – here are 3 more fantasy series with over 85% on Rotten Tomatoes
See more latest
Most Popular
Marvel Rivals
Marvel Rivals' next update will add two new hero skins for Iron Man and Spider-Man mains this week
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
HP LaserJet 8501x
HP launches world's first printers that can resist quantum computer attacks
Artificial intelligence India
Zoom launches AI Companion 2.0 with a major agent focus
handmaid's tale season 4
Everything new on Hulu in April 2025 – catch the final season of The Handmaid's Tale and more
Canon EOS R6 Mark II camera on a magenta / blue background with radar overlay
Canon EOS R6 Mark III: 5 huge upgrades the rumored full-frame camera could have – and needs
Close up of a person touching an email icon.
Criminals are using CSS to get around filters and track email usage
HP EliteBook 6 G1q
What a surprise! HP positions Qualcomm as AMD's only rival in fiercely contested 40+ TOPS business laptop market
HP EliteBook 8 G1a 13-inch
HP launches its first modular laptop: EliteBook 8 G1 is designed to be repaired and upgraded in minutes
HP rebranding
HP follows Dell by simplifying almost its entire PC range across laptops and desktops, just in time for AI