
Hackers Blackmail YouTubers Into Spreading Malware
Hackers are forcing YouTubers to unknowingly spread malware by blackmailing them into sharing malicious links in their video descriptions.
In a Rush? Here are the Quick Facts!
- Cybercriminals file false complaints to pressure creators into posting malicious links.
- The malware, SilentCryptoMiner, secretly mines cryptocurrency on infected devices.
- One YouTuber’s videos led to 40,000 malware downloads before the creator removed the link.
The scheme, uncovered by Kaspersky, mainly targets content creators who post videos about bypassing internet restrictions, a popular topic in Russia.
The criminals begin by filing false complaints against these videos, pretending to be the original developers of the restriction-bypassing software. Once YouTube removes the video, the hackers contact the creator, claiming they have the “official” new download link.
They then pressure the YouTuber to include this link in a new video, and the creator does so without realizing that it leads to malware. If the YouTuber refuses, the hackers threaten to file multiple complaints, which can get the channel permanently deleted.
The malware being spread is a type of “miner” that secretly uses infected computers to mine cryptocurrency. Victims unknowingly install it, believing they are downloading legitimate software.
The researchers say that the scam has already claimed at least 2,000 victims in Russia. One YouTuber with 60,000 subscribers posted multiple videos promoting the malware, leading to 40,000 downloads before the creator realized the issue and removed the link.
The malware, known as SilentCryptoMiner, is a stealthy program designed to evade detection. It is based on XMRig, a widely used open-source mining tool.
It can mine various cryptocurrencies, including Ethereum (ETH), Monero (XMR), and others. SilentCryptoMiner is programmed to stop its activity when it detects certain security processes running, making it difficult to spot without strong cybersecurity protections.
The hackers don’t stop at YouTube. They also spread their malware through Telegram and other video-sharing platforms. Many of these accounts are eventually deleted, but new ones quickly appear.
To avoid infection, cybersecurity experts advise users to be cautious when downloading software, especially from YouTube links or unknown sources. Kaspersky notes that even reputable content creators can unknowingly share dangerous links if they are being blackmailed.
If a program asks users to disable antivirus protection before installation, that’s a major red flag. Keeping security software active and updated is crucial to blocking such threats.
As cybercriminals find new ways to manipulate content creators and their audiences, internet users must stay vigilant. Always verify download links and avoid clicking on files from unknown sources, no matter how trustworthy the person sharing them seems.