Cybersecurity company Kaspersky has revealed YouTube Crypto Malware Blackmail. The attacker leveraged the platform’s copyright strike system to force influencers to add malicious links to the video description.
These actions were directed to unsuspecting viewers towards malware-infected downloads, as YouTube content creators gave to their horrifying mail.
Kaspersky reveals Silent Cryptominer
Kaspersky’s report reveals that the campaign is particularly dangerous as hackers leverage the trust YouTube influencers have built with their audiences. It cites malware campaigns in which cybercriminals distribute malware disguised as tools to bypass digital restrictions.
Specifically, hackers use copyright complaints to blackmail YouTube content creators by threatening to promote SilentCryptoMiner. SilentCryptominer is a sophisticated crypto mining trojan based on the popular open source mining software XMRIG.
According to reports, malware mines cryptocurrencies such as Ethereum (ETH), Ethereum Classic (ETC), Monero (XMR), and Ravencoin (RVN). It also uses the Bitcoin blockchain to maintain control over the botnet.
Over the past six months, Kaspersky has discovered over 2.4 million Windows Packet Divert Driver instances. Cybercriminals reportedly use these to manipulate network traffic. They present many tools as legitimate software solutions, but contain hidden malicious payloads.
Detour detection of dynamics in Windows packets. Source: Kaspersky
Once installed, the malware persists on the victim’s system, bypassing security measures and modifying critical system files.
The report highlights cases where YouTubers with 60,000 subscribers helped distribute malware without their knowledge. The author first posted a video showing how to bypass certain online restrictions, including a link to the expected limit bypass tool.
However, the file was infected with SilentCryptominer. They then edited the description of the infected video to remove the link, replacing the program with a warning that it “doesn’t work.”
“The attacker then threatened content creators under the pretext of copyright infringement, requesting that they post a video with malicious links or risk of shutting down their YouTube channels. In this way, the scammers were able to manipulate the reputation of popular YouTubers and force them to link to infected files,” read the excerpt from the report.
Using copyright strikes to enforce YouTubers
In a more insidious move, hackers also filed false copyright claims against YouTubers who refused to cooperate. By threatening content creators with channel takedowns, cybercriminals forced the distribution of malware.
Cybersecurity experts have warned that YouTube and other social media platforms may not be the sole targets of such horrifying email schemes. Bad actors can quickly deploy similar tactics to Telegram and other messaging platforms where influencers engage their communities.
Therefore, users should be cautious when downloading software from unverified sources. What appears to be useful tools at first glance acts as gateways for malicious activities. Meanwhile, the discovery comes just a month after Kaspersky exposed another major cybersecurity threat.
“Our experts have discovered machine learning to scan new targets = “_ blank” rel = “noreferrer noopener”>image gallery and stole the recovery phrases, passwords, and other sensitive data hidden in screenshots from cryptocurrency wallets,” the company claimed.
This underscores the increased risks faced by cryptocurrency investors. Once YouTube influencers became the main target of cybercrime, blockchain intelligence platform Arkham has begun tracking its portfolio.
A new feature called the Key Opinion Leader (KOL) Label tracks the wallets of influencers with over 100,000 followers on X. This means investors can either truly back back the influencer-promoted tokens or monitor whether the support is simply paid ads. This highlights how influencer roles spread beyond social media.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
