Skip to main content Tech Radar Pro Tech Radar Gaming Tech Radar Pro TechRadar the business technology experts Search TechRadar View Profile België (Nederlands) Deutschland North America US (English) Australasia New Zealand Expert Insights Website builders Web hosting Best web hosting Best website builder Best office chairs Expert Insights YouTubers targeted by blackmail campaign to promote malware on their channels By Sead Fadilpašić published 10 March 2025 Hackers are blackmailing YouTube creators into sharing a cryptominer When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: Shutterstock / Jaiz Anuar) YouTube creators are being threatened with copyright claims The way to resolve the problem is to share a download link The link distributes trojanized programs that install a cryptominer Cybercriminals have been targeting YouTubers with fake copyright claims, threatening them into distributing malware through their videos and channels. T Cybersecurity researchers at Kaspersky recently spotted the campaign in the wild, claiming the majority of the victims are Russian. Kaspersky said it spotted a video with more than 400,000 views sharing the malicious link, and that the campaign resulted in more than 40,000 downloads (before being pulled down). You may like YouTube warns of phishing video using its CEO as bait Huge cybercrime attack sees 390,000 WordPress websites hit, details stolen Tens of thousands of downloads Kaspersky said Windows Packet Divert (WPD), a user-mode network packet capture and injection tool for Windows, is growing increasingly popular in Russia. It allows applications to intercept and modify network packets at various stages in the Windows network stack, and is used as part of a tech stack that allows users to bypass government censorship. There are many YouTube video tutorials on how to use WPD tools to do just that, and their creators are being targeted. Apparently, threat actors would file a copyright claim with YouTube, and then reach out to the creators, claiming they were the tool’s owners. They would then demand the creators add the tool’s GitHub download link in the videos’ description. Alternatively, they would just reach out to the creators claiming to be the developers and offering an “updated” download link. However, the GitHub repository being shared this way is trojanized and includes a version of the tool that carries a cryptocurrency miner called SilentCryptoMiner. This is a modification of the infamous XMRig, and is capable of mining ETH, ETC, XMR, and RTM. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. "According to our telemetry, the malware campaign has affected more than 2,000 victims in Russia, but the overall figure could be much higher," Kaspersky said in its analysis. Cryptojackers are a popular type of malware which can be easily spotted, since the device running it cannot do anything else, as its compute power is fully utilized in the mining process. Via BleepingComputer You might also like Web DDoS attacks see major surge as AI allows more powerful attacks We've rounded up the best password managers Take a look at our guide to the best authenticator app Sead Fadilpašić Social Links Navigation Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications. You must confirm your public display name before commenting Please logout and then login again, you will then be prompted to enter your display name. YouTube warns of phishing video using its CEO as bait Huge cybercrime attack sees 390,000 WordPress websites hit, details stolen Hundreds of GitHub repositories hijacked to trick users into downloading malware Mac users targeted with new malware, so be on your guard CrowdStrike warns of fake job offer scam that is actually just malware Microsoft reveals over a million PCs hit by malvertising campaign Latest in Security Software bug meant NHS information was potentially “vulnerable to hackers” Experts warn this critical PHP vulnerability could be set to become a global problem YouTubers targeted by blackmail campaign to promote malware on their channels Agentic AI has “profound” issues with security and privacy, Signal President says Another top security camera maker is seeing devices hijacked into botnet Top Bluetooth chip security flaw could put a billion devices at risk worldwide Latest in News Manus AI may be the new DeepSeek, but initial users report problems X is down again – here's everything we know about Twitter's third outage of the day Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier These mysterious wireless earbuds claim to monitor your heart and hearing health simultaneously, but there’s a catch RTX 5050 rumors detail full spec of desktop graphics card, suggesting Nvidia may use slower video RAM – but I wouldn’t panic yet OnePlus is ditching the Alert Slider for an iPhone-style customizable button - and I’ll be sad to see it go More about security Experts warn this critical PHP vulnerability could be set to become a global problem Another top security camera maker is seeing devices hijacked into botnet Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier See more latest Most Popular Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier These mysterious wireless earbuds claim to monitor your heart and hearing health simultaneously, but there’s a catch Manus AI may be the new DeepSeek, but initial users report problems AdGuard becomes the latest VPN to add post-quantum encryption X is down again – here's everything we know about Twitter's third outage of the day Experts warn this critical PHP vulnerability could be set to become a global problem NYT Strands hints and answers for Tuesday, March 11 (game #373) NYT Connections hints and answers for Tuesday, March 11 (game #639) Quordle hints and answers for Tuesday, March 11 (game #1142) Another top security camera maker is seeing devices hijacked into botnet LATEST ARTICLES Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier 'It's bigger, bolder, and bleaker': The Wheel of Time season 3 cast teases what to expect from the Prime Video show's most daunting chapter yet 5 great free movies to stream on Tubi, Pluto TV, Plex and more this week (March 10) These mysterious wireless earbuds claim to monitor your heart and hearing health simultaneously, but there’s a catch Manus AI may be the new DeepSeek, but initial users report problems TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site. Contact Future's experts Terms and conditions Privacy policy Cookies policy Advertise with us Web notifications Accessibility Statement Future US, Inc. Full 7th Floor, 130 West 42nd Street, Please login or signup to comment Please wait...