- Cybercriminals are threatening YouTube creators using the copyright strike tool.
- Creators who fear their channels will be deleted agree to distribute software that hides a cryptomining tool.
- At least 2 000 users have downloaded the malware, but this number could be higher.
Here’s a concerning trend that Kaspersky’s Global Research and Analysis Team (GReAT) has discovered – cybercriminals are enlisting YouTubers to help them spread malware.
Mind you, these YouTubers aren’t helping of their own free will, as the cybercriminals are blackmailing them. As GReAT tells it, the cybercriminals file two false copyright claims against a creator. They then threaten the creator with a third, which, as you may be aware, is a death sentence for a YouTube channel. To avoid this third strike, creators comply with the cybercriminals’ demands.
Those demands are that the creator distribute a link to what is claimed to be an internet restriction bypass tool but is really malware. While the tool does still bypass internet restrictions, it also contains SilentCryptoMiner, which silently mines cryptocurrency on a user’s PC without their knowledge. This not only ramps up energy use, it also annihilates the PC’s performance.
The cybersecurity company notes that if security software detects the file, the installer simply nudges the user into compliance by displaying a message such as “File not found, turn off all antiviruses and re-download the file, it will help!”
This gives attackers yet another way into a compromised system.
Kaspersky says that, according to its telemetry, at least 2 000 users have downloaded the malicious tool, but this number is likely far higher. The company notes that one YouTube channel with 60 000 subscribers published the link in a video that garnered 400 000 views.
“This campaign demonstrates a concerning evolution in malware distribution tactics,” said Leonid Bezvershenko, security researcher at Kaspersky’s GReAT. “While initially targeting Russian-speaking users, this approach could easily spread to other regions as Internet fragmentation increases globally. The scheme effectively leverages trusted content creators as unwitting accomplices, which works in any market where users seek tools to circumvent online restrictions.”
Kaspersky advises that users avoid disabling their security software no matter what an installer asks. Generally speaking, if a piece of software can’t operate with your security solution enabled, it’s probably not a good idea to use that software.
The company also recommends keeping an eye on your computer’s performance. If you notice a sudden degradation in performance, it may be best to check for malicious applications on your PC.
While internet restrictions aren’t great anywhere, we urge users to make use of legitimate tools such as a VPN to get around those restrictions.