
“A massive malware campaign” has been uncovered, with Russian YouTubers being forced to spread crypto-mining malware.
The campaign has affected more than 2,000 victims in Russia, while the total number of victims could be much higher. Cybersecurity specialist Kaspersky exposed the scheme.
The malware, which was also posted on a YouTube channel with 60,000 subscribers, was disguised as a tool for bypassing blocks based on deep packet inspection. What's more, the legitimate version of the tool is published on GitHub, where it has been starred more than 10,000 times.
In the descriptions of their tutorials about bypassing blocks, YouTubers posted a link to a malicious archive, later editing the description to inform their viewers that the “program does not work.”

According to Kaspersky, the criminal scheme works as follows: attackers, posing as the developers of the block-bypassing tool, threaten YouTubers with copyright infringement claims and demand that they post videos with malicious links, or risk having their YouTube channels shut down.
"This way, the scammers were able to manipulate the reputation of popular YouTubers to force them to post links to infected files," the researchers said.
Moreover, a Telegram channel with 340,000 subscribers was also found distributing the malicious link.
Per the findings, the crypto miner is designed to mine crypto assets such as Ethereum Classic (ETC), Monero (XMR), and others.
"The malware is able to stop mining while the processes specified in the configuration are active. It can be controlled remotely via a web panel," the researchers noted, adding that the miner is coded to scan for indicators of running in a virtual environment and check the size of the executable itself.