- YouTube creators are being threatened with copyright complaints
- The way to resolve the complaint is to share a download link
- The link distributes trojanized programs that install a cryptominer
Cybercriminals have targeted YouTubers with false copyright complaints, coercing them into distributing malware through their videos and channels.
Kaspersky cybersecurity researchers recently spotted the campaign in the wild and say that the majority of victims are Russian.
Kaspersky said it had spotted a video with more than 400,000 views sharing the malicious link, and that the campaign resulted in more than 40,000 downloads (before the link was taken down).
Tens of thousands of downloads
Kaspersky said that Windows Packet Divert (WPD), a tool for capturing and injecting network packets in user mode on Windows, is increasingly popular in Russia. It allows applications to intercept and modify network packets at different stages of the Windows network stack, and it is used as part of a tool stack that lets users bypass government censorship.
There are many YouTube video tutorials on how to use WPD-based tools to do exactly that, and their creators are the targets. Apparently, the threat actors would file a copyright complaint with YouTube, then contact the creators claiming to be the owners of the tool. They would then demand that the creators add the tool's GitHub download link to the description of their videos.
Alternatively, they would simply contact the creators claiming to be the developers and offer an “updated” download link.
However, the GitHub link shared this way is trojanized and points to a version of the tool that carries a cryptocurrency miner called SilentCryptoMiner. This is a modification of the infamous XMRig, and it is capable of mining ETH, ETC, XMR and RTM.
“According to our telemetry, the malware campaign affected more than 2,000 victims in Russia, but the overall figure could be much higher,” Kaspersky said in its analysis.
Cryptojackers are a popular type of malware that is usually easy to identify, because the infected device can do little else while its computing power is fully consumed by the mining process.
Via BleepingComputer