Hackers Target YouTube Creators, Send Fake Brand Offers With Malware
At the end of the email, the threat actor includes instructions and a OneDrive link to access a zip file containing the agreement and promotional materials, secured with the password
Hackers Target YouTube Creators, Send Fake Brand Offers With Malware
New Delhi: In an alarming trend, cybercriminals are now increasingly targeting popular YouTube creators by exploiting fake brand collaboration offers to distribute malware, a report showed on Monday.
The malware, disguised as legitimate documents like contracts or promotional materials, is often delivered through password-protected files hosted on platforms such as OneDrive to evade detection, claimed CloudSEK, a cybersecurity firm.
“Once downloaded, the malware can steal sensitive information, including login credentials and financial data, while also granting attackers remote access to the victim’s systems,” said security research Mayank Sahariya.
At the end of the email, the threat actor includes instructions and a OneDrive link to access a zip file containing the agreement and promotional materials, secured with the password. When the YouTube victim clicked the URL in the email, they were directed to a Drive page. The adversary leverages malware and sophisticated techniques for targeted attacks.
Their actions suggest a well-organised group with access to diverse tools and resources. Key characteristics of the campaign include email payload where the malware is hidden within attachments such as Word documents, PDFs, or Excel files, often masquerading as promotional materials, contracts or business proposals.