A recent investigation has uncovered a sophisticated malware campaign using SilentCryptoMiner, a cryptocurrency-mining malware that is distributed by blackmailing YouTubers. Attackers are coercing YouTubers into promoting malicious phishing links under the guise of legitimate software, leading to widespread installations among unsuspecting viewers.
Modus Operandi
The campaign begins with cybercriminals filing false complaints against videos that discuss tools designed to bypass censorship or regional restrictions. Posing as the original developers of these tools, the attackers pressure video creators into uploading a video featuring links to their malicious websites, falsely claiming these are the official download sources. Unaware of the intent, creators comply, resulting in their audiences inadvertently downloading the SilentCryptoMiner malware.
Characteristics of SilentCryptoMiner
SilentCryptoMiner is a powerful cryptocurrency miner based on XMRig, an open-source mining tool. It supports mining various cryptocurrencies, including Ethereum (ETH), Monero (XMR), and others. It is designed to evade detection: the malware stops its mining activities when it identifies specific security processes, making it harder to detect without strong knowledge and experience in this area.
Broader Distribution
Beyond YouTube, threat actors also disseminated the malware through platforms like Telegram and other video-sharing sites. Attackers used tactics such as SEO poisoning and social engineering to distribute this malware, often disguising it as legitimate applications or tools.
This campaign particularly targeted Russian-speaking users, with reports indicating over 28,000 victims across Russia, Ukraine, Belarus, and surrounding regions. In one instance, a YouTuber with 60,000 subscribers unknowingly promoted the malware, resulting in 40,000 downloads before the issue was identified.
IOCS
Source: hxxps[://]securelist[.]com/silentcryptominer-spreads-through-blackmail-on-youtube/115788/

