Security researchers have uncovered a sophisticated malware campaign in which threat actors are coercing popular YouTubers into distributing SilentCryptoMiner malware disguised as restriction bypass tools. One particularly concerning distribution method involves threat actors sending copyright strikes to content creators over videos with bypass tool instructions, then threatening to shut down their YouTube channels unless they post videos with links to the infected files. Security experts recommend extreme caution when using restriction bypass tools, as they increasingly serve as vectors for sophisticated malware distribution. Securelist researchers noted that the infection typically begins with an archive containing a modified start script that runs a malicious executable using PowerShell. The malware leverages Windows Packet Divert drivers, a technology increasingly used in utilities designed to bypass access restrictions. The campaign exploits the growing popularity of these bypass tools, with over 2.4 million detections of such drivers on user devices in the past six months. In one documented case, a YouTuber with 60,000 subscribers posted several videos with instructions for bypassing blocks, including a link to a malicious archive in the description.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 07 Mar 2025 22:45:17 +0000