Phishing Scams Target YouTubers: Malware Hidden in Fake Brand Deals

 

Cybercriminals are using a complex phishing scam to target the owners of YouTube channels and their teams, thus exposing the accounts and personal information to severe threats. According to cybersecurity experts, a report was released on how the attackers were tricking victims and stealing sensitive information.

The Phishing Attack Strategy

The scam starts with an official-looking and persuasive email, often masquerading as coming from a popular brand. These messages are being sent in bulk to all the administrators of YouTube channels, marketing teams, and sales staff. The message offers a highly lucrative deal on sponsorship and promises money of up to $50,000 for creators that have a huge following. They especially target those above 2 million subscribers.

In the email, a link to a OneDrive folder is shared. This folder contains a password-protected ZIP file, and the email provides the password for access. Recipients are also asked to share their financial details, supposedly to process payments for the proposed sponsorship.

The Malware Hidden Inside

This way, when the victims download and open the ZIP file, the hidden malware will be activated. In turn, these file names are designed in such a way that they seem legitimate and avoid any detection by security systems; names like “Contracts and Agreement Archive Collection.rar” or “webcam.pif.”

After activation, it works as an “info-stealer,” i.e., its main task is to collect sensitive

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: