- YouTube creators are being threatened with copyright claims
- The offered "fix" is to share a download link in the video
- The link distributes trojanized programs that install a cryptominer
Cybercriminals have been targeting YouTubers with false copyright claims, coercing them into distributing malware through their videos and channels.
Kaspersky's cybersecurity researchers recently observed the campaign in the wild, and report that most victims are Russian.
Kaspersky said it saw a video with more than 400,000 views sharing the malicious link, and that the campaign resulted in more than 40,000 downloads before it was taken down.
Tens of thousands of downloads
Kaspersky said Windows Packet Divert (WPD), a user-mode network packet capture and injection tool for Windows, is becoming increasingly popular in Russia. It allows applications to intercept and modify network packets at several stages of the Windows network stack, and is used as part of a tool stack that lets users bypass government censorship.
There are many YouTube video tutorials on how to use WPD tools for exactly that, and their creators are being targeted. Apparently, the threat actors file a copyright claim with YouTube and then contact the creators, claiming to be the owners of the tool. They then demand that the creators add the tool's GitHub download link to the video description.
Alternatively, they contact creators claiming to be the developers and offer an "updated" download link.
However, the GitHub repository shared this way is trojanized and contains a version of the tool bundled with a cryptocurrency miner called SilentCryptoMiner. This is a modified version of the well-known XMRig, and it is capable of mining ETH, XMR, RTM and other coins.
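The weak point the campaign exploits is that viewers run whatever link sits in a video description. Two checks a defender can apply before executing such a download are (1) does the link actually point at the project's official repository rather than a lookalike, and (2) does the downloaded file match a hash pinned from the official release page. The Python below is an added example and not code from Kaspersky, BleepingComputer or the WPD project; the repository names, file names and hashes in it are constructed placeholders.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed allowlist of (owner, repo) pairs the tool is officially published from.
# Placeholder values for this example, not the real project's identifiers.
OFFICIAL_REPOS = {("example-owner", "example-tool")}

# Constructed pinned SHA-256 digests of known-good release archives.
# In practice these come from the official release page or a signed checksum file.
PINNED_SHA256 = {
    "example-tool-1.0.zip": hashlib.sha256(b"known good release bytes").hexdigest(),
}


def parse_github_repo(url):
    """Return (owner, repo) for an https://github.com/... URL, else None.

    Rejects plain http and non-GitHub hosts so a look-alike domain never matches.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.netloc.lower() != "github.com":
        return None
    parts = [segment for segment in parsed.path.split("/") if segment]
    if len(parts) < 2:
        return None
    return parts[0].lower(), parts[1].lower()


def link_is_official(url):
    """True only if the link resolves to a repository on the allowlist."""
    repo = parse_github_repo(url)
    return repo is not None and repo in OFFICIAL_REPOS


def file_matches_pin(filename, data):
    """True if the downloaded bytes hash to the pinned digest for that release file."""
    expected = PINNED_SHA256.get(filename)
    if expected is None:
        return False  # no pin known: treat as untrusted rather than silently passing
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


def assess_download(url, filename, data):
    """Combine both checks into a single verdict string."""
    if not link_is_official(url):
        return "reject: link does not point at an official repository"
    if not file_matches_pin(filename, data):
        return "reject: file hash does not match the pinned release"
    return "accept"


if __name__ == "__main__":
    good = b"known good release bytes"
    print(assess_download("https://github.com/example-owner/example-tool", "example-tool-1.0.zip", good))
    # A typosquatted owner name ('rn' for 'm') is rejected even if the archive is identical.
    print(assess_download("https://github.com/exarnple-owner/example-tool", "example-tool-1.0.zip", good))
    # A tampered archive from the correct repository is also rejected.
    print(assess_download("https://github.com/example-owner/example-tool", "example-tool-1.0.zip", good + b"\x00"))
```

The repository check catches the "updated link" trick described above, where the download location itself is substituted; the hash check catches the case where the legitimate repository name is kept but the archive is replaced. Neither check helps if the pinned hash is copied from the same untrusted description, so the pin has to come from an independent source.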
"According to our telemetry, the malware campaign has affected more than 2,000 victims in Russia, but the overall figure could be much higher," Kaspersky said in its analysis.
Cryptojackers are a common type of malware that is usually easy to spot, since the infected device can barely do anything else: its computing power is fully consumed by the mining process.
Via BleepingComputer