YouTube Warning: Hackers Target Creators in Password Stealing Attack

YouTube creators are the focus of a new hacking attack warning, as security researchers reveal how cybercriminals create videos as part of a broader campaign of password-stealing threats. Here is what you need to know.

Security researchers have discovered that cybercriminals are targeting YouTube creators as part of a threat campaign designed to spread password-stealing malware. The attacks begin, Mayank Sahariya, a cyber threat analyst at CloudSEK, said, with carefully constructed phishing emails that use advanced brand-impersonation techniques and offer financially valuable partnership deals.

“The malware, disguised as valid documents, such as contracts or promotional materials,” Sahariya said, “is distributed through password-protected files hosted on platforms such as OneDrive to evade detection.” The malware, which appears to be related to the Lumma Stealer family, is capable of compromising sensitive information, including login credentials and financial data.

Attribution to a specific threat actor involved a Twitch.tv username and a Polish telephone number, with the CloudSEK analysis confirming that, in leveraging “sophisticated techniques” for the targeted malware attacks, the group or individual concerned is likely “well-organized” and with “access to diverse tools and resources.”

Indeed, the threat analysts found more than 340 Simple Mail Transfer Protocol (SMTP) servers and 46 Remote Desktop Protocol (RDP) systems employed by the threat actor. The SMTP servers send the phishing emails, while the RDP systems are used to access machines once they are compromised or to deploy the malware in the first place. “Automation tools like Youparser, Browser Automation Studio and Zennobox,” Sahariya said, were used to “streamline operations such as spear phishing, credential harvesting and scaling attacks.”

With no specific regional focus identified by the CloudSEK research, the campaign can be said with high confidence to have a global impact.

“With content creators and marketers as primary targets,” Sahariya concluded, “this global campaign underscores the importance of verifying collaboration requests and adopting robust cybersecurity measures to protect against such threats.” If you have a YouTube channel, no matter the size, be warned and take note.
