A report on Monday showed an alarming trend: Cybercriminals are now increasingly targeting popular YouTube creators by exploiting fake brand collaboration offers to distribute malware.

CloudSEK, a cybersecurity firm, claimed the malware, disguised as legitimate documents like contracts or promotional materials, is often delivered through password-protected files hosted on platforms such as OneDrive to evade detection.

“Once downloaded, the malware can steal sensitive information, including login credentials and financial data, while also granting attackers remote access to the victim’s systems,” said security researcher Mayank Sahariya.

At the end of the email, the threat actor includes instructions and a OneDrive link to access a zip file containing the agreement and promotional materials, secured with the password. When the YouTube victim clicked the URL in the email, they were directed to a Drive page.

The adversary leverages malware and sophisticated techniques for targeted attacks. Their actions suggest a well-organized group with access to diverse tools and resources.

Buy Me a Coffee

Key characteristics of the campaign include email payload where the malware is hidden within attachments such as Word documents, PDFs, or Excel files, often masquerading as promotional materials, contracts or business proposals.

The phishing emails are sent from spoofed or compromised email addresses, making them seem credible. Recipients are lured into downloading the attached files, believing they are legitimate business offers.

Once the attachment is opened, the malware installs itself on the victim’s system. This malware is typically designed to steal sensitive data, including login credentials, financial information, and intellectual property, or to provide remote access to the attacker.

READ
YouTube Launches New Feature for Registered Health Professionals to Reach People

Since their propensity to engage in brand promotions and partnerships, businesses and individuals in marketing, sales, and executive positions are the primary targets.

“With content creators and marketers as primary targets, this global campaign underscores the importance of verifying collaboration requests and adopting robust cybersecurity measures to protect against such threats,” Sahariya added.