Cybercriminals are using blackmail tactics to force YouTubers into spreading crypto-mining malware, cybersecurity firm Kaspersky warns. Attackers exploit YouTube’s copyright strike system to pressure content creators into posting malicious links in their video descriptions, leading viewers to download infected files. This campaign revolves around a crypto-mining Trojan called SilentCryptoMiner , which secretly mines cryptocurrencies such as Ethereum (ETH), Ethereum Classic (ETC), Monero (XMR), and Ravencoin (RVN). Cybercriminals use this software to hijack victims’ devices for crypto-mining, hiding its activity to avoid detection. Kaspersky’s research highlights that hackers abuse the trust that YouTubers have built with their audiences. They disguise malware as tools for bypassing online restrictions, tricking influencers into sharing them. A YouTuber with 60,000 subscribers unknowingly helped spread the malware, initially believing they were sharing a legitimate restriction bypass tool. After discovering the issue, they deleted the link and added a warning that the software was ineffective. However, hackers took their scheme a step further by falsely accusing YouTubers of copyright violations. If the creators refused to post malware links, cybercriminals threatened to take down their channels. Many influencers gave in to the blackmail, fearing the loss of their platforms. Over the past six months, Kaspersky has detected more than 2.4 million cases of cybercriminals manipulating network traffic using Windows Packet Divert drivers. They disguise harmful programs as useful software, allowing them to bypass security protections, modify critical system files, and maintain long-term access to infected computers. Experts caution that these blackmail strategies could extend beyond YouTube to other platforms like Telegram , where influencers interact with their communities. Users should avoid downloading software from unverified sources, as seemingly helpful tools may contain hidden threats. This discovery follows another recent cybersecurity threat exposed by Kaspersky. The firm identified a data-stealing Trojan called SparkCat, active on the App Store and Google Play since March 2024. SparkCat uses machine learning to scan image galleries, stealing cryptocurrency wallet recovery phrases, passwords, and sensitive information hidden in screenshots. As YouTube influencers become prime targets for cybercriminals, blockchain intelligence platform Arkham has introduced a new tracking feature. The "Key Opinion Leader (KOL) Label" monitors the cryptocurrency wallets of influencers with over 100,000 followers on X. This feature allows investors to see whether influencers genuinely support the tokens they promote or if their endorsements are just paid advertisements. With cyber threats evolving rapidly, experts urge users to be cautious online. Avoid unverified downloads, question influencer promotions, and stay informed about emerging cybersecurity risks.
