- Big Faces, Big Spend, Low ROI: Why Ad Fraud is Increasingly Damaging Brands
- This audio player has what both kids and parents want - And it's 40% off
- The Impacts of Government Regulations on PQC Product Availability
- Google, Microsoft could turn gatekeepers for advanced AI chips
- Bluetti is offering fantastic deals on fantastic power stations – but time is running out!
YouTube Creators Targeted in Major Phishing Campaign
Over 200,000 YouTube creators and counting have been targeted by cybercriminals masquerading as big-name brands, in a newly discovered phishing campaign.
The scammers send malicious emails with subject lines like “Collaboration Proposal” and “Marketing Opportunity,” in order to trick their victims into clicking through or opening malware-laden attachments, according to Cloudsek.
Password-protected archives, hosted on cloud platforms like OneDrive, contain malicious executables disguised as agreements or promotional materials.
Once extracted, the files deploy malware designed to steal sensitive information such as login credentials and session cookies, or to gain remote access to the victim’s machine.
The attackers are then able to hijack the victim’s YouTube account and use this access to spam their followers with more malicious messages.
The malware used in this global campaign was linked by Cloudsek to threats associated with the Lumma Stealer.
Read more on YouTube threats: Dark Web Demand Surges for YouTube Accounts
The security vendor claimed over 340 SMTP servers are being used in the campaign and that over 46 remote desktop protocol (RDP) systems are in operation, in order to help compromise systems or deploy malware.
Cloudsek has also recorded more than 26 SOCKS5 proxies, which are used to help anonymize traffic and ensure command and control (C2) communications stay hidden.
“This campaign is not just about stealing accounts; it’s about leveraging the trust and influence of YouTube creators to amplify scams on a massive scale,” said Mayank Sahariya, security researcher at Cloudsek.
“Attackers are exploiting these accounts to push scams and fraudulent schemes, reaching millions of unsuspecting followers. The scale of this operation means not only financial losses for victims but also long-term reputational damage for creators, highlighting an urgent need for better security awareness and robust protective measures.”
The security vendor urged YouTube creators to ensure they:
- Double-check email sender details and contact brands through official channels if unsure
- Avoid downloading files or clicking on links from unknown or suspicious sources
- Enable two-factor authentication to add an extra layer of security to their YouTube account
- Regularly check their YouTube account for unauthorized logins or changes
- Ensure everyone involved in managing a YouTube account is aware of the latest phishing tactics
Image credit: tovovan / Shutterstock.com
