Friday, April 4, 2025


Cybercriminals Exploit YouTube Creators With Fake Copyright Claims To Spread Malware

A complex cybercrime operation has been revealed, targeting YouTube creators with fake copyright claims. Cybercriminals are pressuring these creators to distribute cryptocurrency mining malware, disguised as tools for circumventing Internet restrictions.

The attackers submit two fraudulent copyright complaints against YouTube creators, taking advantage of the platform’s three-strike policy, which can result in channel termination. They then threaten a third strike, forcing YouTube creators to unknowingly promote harmful links under the guise of protecting their accounts.

Many YouTube creators, eager to maintain their audience and income, comply without realizing that the software they are sharing contains malware. This has led to thousands of infections, with the potential to impact even more users.

The malware, known as SilentCryptoMiner, capitalizes on the growing demand for tools that bypass Internet restrictions. The attackers conceal the malware within a modified version of a legitimate Deep Packet Inspection (DPI) circumvention tool that was originally available on GitHub.

While the tool seems to operate normally, it secretly installs SilentCryptoMiner in the background, which hijacks the victim’s system resources to mine cryptocurrency. This not only slows down the affected devices but also increases electricity usage.

Scope of the Attack:

– Over 2,000 confirmed infections, with the actual number likely much higher.

– One compromised YouTube channel with 60,000 subscribers disseminated malware through several videos.

– The malicious links garnered over 400,000 views.

– The fraudulent website hosting the infected archive recorded more than 40,000 downloads.

– A notable increase in the use of Windows Packet Divert drivers, typically found in bypass utilities, was observed—rising from 280,000 in August to 500,000 in January, totaling over 2.4 million detections in six months.

Unlike typical malware campaigns, this attack utilizes trusted YouTube creators as unknowing participants, making viewers more inclined to download the software.
