YouTube Creators Blackmailed to Spread Crypto-Mining Malware
Criminals have been exploiting YouTube creators by blackmailing them into promoting crypto-mining malware, according to a report from cybersecurity firm Kaspersky. The hackers are leveraging the growing popularity of Windows Packet Divert drivers, which allow users to bypass geographic restrictions, to distribute malicious software.
Kaspersky's systems have identified these drivers on 2.4 million devices over the past six months, with downloads rising steadily every month since September. That popularity has produced a steady stream of YouTube tutorials on how to download and install the drivers, and the criminals have found a way to get links to the SilentCryptoMiner malware into those videos' descriptions.
One common tactic is to file a copyright strike against a video and then contact the creator posing as the original developer of the driver shown in it, demanding that the video's download link be replaced with one the attackers supply. Kaspersky reports that the criminals reached a YouTuber with 60,000 subscribers this way and ultimately got a malicious link into videos with more than 400,000 views. Instead of leading to the legitimate repository, the link sent viewers to an infected archive, which has since been downloaded more than 40,000 times.
By threatening YouTube creators with copyright strikes and takedowns, the criminals have been able to infect approximately 2,000 computers in Russia with crypto-mining malware. However, the total number of infected computers could be significantly higher if other campaigns launched in Telegram channels are included.
Leonid Bezvershenko, a Security Researcher at Kaspersky's Global Research and Analysis Team, notes that this tactic of coercing influencers is a more aggressive and unique approach. "By capitalizing on the trust between YouTubers and their audiences, attackers create large-scale infection opportunities," he said. The miner used, SilentCryptoMiner, is based on the open-source miner XMRig and mines coins such as Ethereum, Ethereum Classic, Monero, and Ravencoin. It hides by process hollowing: it starts a legitimate system process, replaces that process's in-memory image with its own code, and so runs under a trusted process name and on-disk path. The miner can also be controlled remotely by its operators.
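A host-triage script, added here as an example and not code from Kaspersky's report or the article, that looks for the three host-level signals the paragraph above describes: a packet-divert kernel driver, a process holding a session to a mining pool, and a system-named process whose parent is not the one Windows normally gives it (the cheap first sign of hollowing, since the name and on-disk path of a hollowed process look legitimate). The stratum port list, the expected-parent table and the `windivert` name pattern are assumptions chosen for illustration, not indicators from the report.

```powershell
# Added host-triage example (not from Kaspersky's report or the article).
# Assumptions, not facts from the page: the port list, the expected-parent
# table and the 'windivert' name pattern are illustrative hunting heuristics.

$MiningPorts = 3333, 4444, 5555, 7777, 14444   # assumption: ports commonly used for stratum pools
$ExpectedParent = @{                            # assumption: usual parent of each system process
    'dwm.exe'     = 'winlogon.exe'
    'svchost.exe' = 'services.exe'
}

function Find-PacketDivertDriver {
    # Packet-divert tooling needs a kernel driver; list any WinDivert-style driver registered.
    Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.Name -match 'windivert' -or $_.PathName -match 'windivert' } |
        Select-Object Name, State, StartMode, PathName
}

function Find-MinerConnection {
    # Pools usually speak stratum on a small set of ports; map each such session to its process.
    Get-NetTCPConnection -State Established |
        Where-Object { $MiningPorts -contains $_.RemotePort } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Pid    = $_.OwningProcess
                Name   = $proc.ProcessName
                Path   = $proc.Path
                Remote = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            }
        }
}

function Find-SuspiciousSystemProcess {
    # A hollowed process keeps the legitimate name and ExecutablePath, so path checks pass;
    # its parent, however, is whatever launched the malware, not the usual Windows parent.
    $procs = Get-CimInstance Win32_Process
    $byPid = @{}
    foreach ($p in $procs) { $byPid[$p.ProcessId] = $p }
    foreach ($p in $procs) {
        $name = $p.Name.ToLower()
        if (-not $ExpectedParent.ContainsKey($name)) { continue }
        $parent = $byPid[$p.ParentProcessId]
        $parentName = if ($parent) { $parent.Name.ToLower() } else { '<exited>' }
        if ($parentName -ne $ExpectedParent[$name]) {
            [pscustomobject]@{
                Pid        = $p.ProcessId
                Name       = $p.Name
                Path       = $p.ExecutablePath
                ParentPid  = $p.ParentProcessId
                ParentName = $parentName
            }
        }
    }
}

# Run all three checks; anything returned is a lead to confirm, not a verdict.
Find-PacketDivertDriver
Find-MinerConnection
Find-SuspiciousSystemProcess
```

Run it in an elevated PowerShell session on the suspect host. Each function returns objects rather than printing, so the output can be exported or compared across a fleet. The parent-process check is a heuristic: an exited parent (`<exited>`) shows up for legitimate processes too, and a dropper that hollows a process and then exits looks the same, so a hit should be confirmed by comparing the process's mapped image against the file on disk with a memory-forensics tool.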
Most of the victims identified in this campaign are in Russia, and the malware was primarily available to Russian IP addresses. However, attackers often target opportunities wherever they see them. This latest campaign comes at 