YouTubers Coerced Into Promoting Crypto-Mining Malware: Kaspersky

Criminals are pressuring YouTube creators into adding crypto-mining malware to their videos, according to research from security company Kaspersky.
The attackers have taken advantage of the growing use in Russia of Windows Packet drivers, which enable internet users to circumvent geographical restrictions.
Kaspersky's systems have detected these drivers on 2.4 million devices over the past six months, with every consecutive month since September seeing an increase in downloads.
The popularity of these drivers has led to a growth in YouTube videos on how to download and install them. But criminals have found a way to get links to the SilentCryptoMiner malware included in these videos.
One increasingly common tactic is to file a copyright strike against a video and then contact its creator, claiming to be the original developer of the driver it discusses.
According to Kaspersky, the criminals managed to reach a popular YouTuber with 60,000 subscribers, who ended up adding a malicious link to videos with more than 400,000 views.
But instead of leading to a project repository such as GitHub, the malicious links took viewers to an infected archive, which has since been downloaded more than 40,000 times.
Kaspersky estimates that by threatening YouTube creators with copyright complaints and strikes, the criminals responsible were able to infect about 2,000 PCs in Russia with crypto-mining malware.
However, the security company indicates that the total could be much higher if it includes other campaigns launched through Telegram channels.
Although crypto-mining malware has been around for several years, Leonid Bezvershenko, a security researcher at Kaspersky, said that pressuring creators with false copyright complaints is a more aggressive and unique tactic.
“While some threats – such as miners and information stealers – regularly take advantage of social platforms for distribution, this tactic of coercing influencers shows how cybercriminals are evolving,” he told Decrypt. “By taking advantage of the trust between YouTubers and their fans, attackers create large-scale infections.”
The mining malware used by the attackers, SilentCryptoMiner, is based on the well-known XMRig miner and is used to mine Ethereum, Ethereum Classic, Monero and Ravencoin.
It injects itself into a computer's system processes through process hollowing, and can be controlled remotely by its creators, who can stop mining whenever the original system processes are active.
“In this specific campaign, most of the victims we identified were in Russia, and the malware itself was primarily available to Russian IP addresses,” said Bezvershenko, who nevertheless confirms that attackers often go wherever they see an opportunity.
This latest campaign comes at a time when crypto-mining viruses have become a widespread form of malware, with the Center for Internet Security finding that CoinMiner was the second most common malware of 2024, behind the drive-by downloader SocGholish.
In December last year, cybersecurity researchers at ReversingLabs found that attackers are increasingly inserting crypto-mining malware into popular open-source coding packages and tools, which can often attract hundreds of thousands of weekly downloads.
Although it may be difficult to avoid legitimate coding packages that have been infected if you are a developer, Kaspersky advises general web users to stay vigilant and check the source of any download.
Bezvershenko says, “If a YouTube creator or a guide asks you to disable your antivirus or claims that a file is completely safe, treat it with caution and perform additional security checks.”
Edited by Stacy Elliot.