New Delhi, Dec 16 (IANS) In an alarming trend, cybercriminals are now increasingly targeting popular YouTube creators by exploiting fake brand collaboration offers to distribute malware, a report showed on Monday.
The malware, disguised as legitimate documents like contracts or promotional materials, is often delivered through password-protected files hosted on platforms such as OneDrive to evade detection, claimed CloudSEK, a cybersecurity firm.
“Once downloaded, the malware can steal sensitive information, including login credentials and financial data, while also granting attackers remote access to the victim’s systems,” said security research Mayank Sahariya.
At the end of the email, the threat actor includes instructions and a OneDrive link to access a zip file containing the agreement and promotional materials, secured with the password. When the YouTube victim clicked the URL in the email, they were directed to a Drive page.
The adversary leverages malware and sophisticated techniques for targeted attacks. Their actions suggest a well-organised group with access to diverse tools and resources.
Key characteristics of the campaign include email payload where the malware is hidden within attachments such as Word documents, PDFs, or Excel files, often masquerading as promotional materials, contracts or business proposals.
The phishing emails are sent from spoofed or compromised email addresses, making them seem credible. Recipients are lured into downloading the attached files, believing they are legitimate business offers.
Once the attachment is opened, the malware installs itself on the victim's system. This malware is typically designed to steal sensitive data, including login credentials, financial information, and intellectual property, or to provide remote access to the attacker.
Businesses and individuals in marketing, sales, and executive positions are the primary targets, given their propensity to engage in brand promotions and partnerships.
“With content creators and marketers as primary targets, this global campaign underscores the importance of verifying collaboration requests and adopting robust cybersecurity measures to protect against such threats,” Sahariya added.