Kaspersky Exposes Hackers Blackmailing YouTubers to Spread Crypto Malware

digitalpetla8@gmail.com

Cybersecurity firm Kaspersky revealed a YouTube crypto malware blackmail scheme in which attackers leverage the platform’s copyright strike system to coerce influencers into adding malicious links to their video descriptions.

These actions directed unsuspecting viewers to malware-infected downloads as YouTube content creators gave in to the blackmail.

Kaspersky Reveals SilentCryptoMiner

Kaspersky’s report reveals that hackers exploit the trust that YouTube influencers have built with their audiences, making this campaign particularly dangerous. It cites a malware campaign in which cybercriminals distribute malware disguised as tools for bypassing digital restrictions.

Specifically, the hackers exploit copyright complaints, threatening and blackmailing YouTube content creators into promoting SilentCryptoMiner. SilentCryptoMiner is a sophisticated crypto-mining Trojan based on the popular open-source mining software XMRig.

According to the report, the malware mines cryptocurrencies such as Ethereum (ETH), Ethereum Classic (ETC), Monero (XMR), and Ravencoin (RVN). It also uses the Bitcoin blockchain to maintain control over botnets.

Over the past six months, Kaspersky has detected more than 2.4 million Windows Packet Divert driver instances. Reportedly, cybercriminals leverage these to manipulate network traffic. They present many tools as legitimate software solutions, but these contain hidden malicious payloads.

Dynamics of Windows Packet Divert detections. Source: Kaspersky

Once installed, the malware persists on a victim’s system, bypassing security measures and modifying important system files.

In the report, Kaspersky highlights a case in which a YouTuber with 60,000 subscribers unknowingly helped distribute the malware. The creator initially posted videos demonstrating how to bypass certain online restrictions and included a link to a supposed restriction bypass tool.

However, the file was infected with SilentCryptoMiner. Later, they edited the infected video description to remove the link, replacing it with a warning stating that the program “does not work.”

“Next, the attackers threatened the content creators under the pretext of copyright infringement, demanding that they post videos with malicious links or risk shutdown of their YouTube channels. This way, the scammers were able to manipulate the reputation of popular YouTubers to force them to post links to infected files,” read an excerpt in the report.

In a more insidious move, hackers have also filed false copyright claims against YouTubers who refuse to cooperate. By threatening content creators with channel takedowns, cybercriminals have forced them into distributing the malware.

Cybersecurity experts warn that YouTube and other social media platforms may not be the only targets of such blackmail schemes. Bad actors could soon deploy similar tactics on Telegram and other messaging platforms where influencers engage with their communities.

Therefore, users should remain cautious when downloading software from unverified sources. What appear to be helpful tools can serve as a gateway for malicious activities. Meanwhile, this discovery comes just a month after Kaspersky uncovered another major cybersecurity threat.

“Our experts have discovered a new data-stealing Trojan, SparkCat, active in the App Store and Google Play since at least March 2024. SparkCat leverages machine learning to scan image galleries, stealing cryptocurrency wallet recovery phrases, passwords, and other sensitive data hidden in screenshots,” the firm claimed.

This highlights the growing risks that cryptocurrency investors face. As YouTube influencers become prime targets for cybercriminals, blockchain intelligence platform Arkham has begun monitoring their portfolios.

The new feature, dubbed “Key Opinion Leader (KOL) Label,” tracks the wallets of influencers with over 100,000 followers on X. This means investors can monitor whether influencers genuinely back the tokens they promote or if their endorsements are merely paid advertising. This highlights how influencers’ role extends beyond social media.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
