Prospective victims are sent emails that contain a OneDrive link that leads to a malicious ZIP file.
Threat actors are impersonating brands to trick YouTube channel administrators, sales, and marketing staff into opening email attachments that contain Windows malware, according to a new report from cybersecurity firm CloudSEK.
The attackers use automation to collect YouTube channels' emails and send bulk phishing messages that promise thousands of dollars in compensation -- up to $50,000 for channels with over 2 million subscribers.
The target channels are sent OneDrive links that direct recipients to download a password-protected ZIP file. The initial email contains the password and asks potential victims for their financial data so attackers can supposedly send payment for the sponsored YouTube segment.
In one example of the attack, the sharer's email on OneDrive looked suspicious and had been created recently. Opening the ZIP file jump-started the malware. The file name was "Contracts and Agreement Archive Collection.rar," which then loaded "webcam.pif" and other processes. The webcam file was likely given that name in an attempt to evade detection.
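The lure traits described above (a OneDrive link, an archive password stated in the message, a request for financial data, a .pif file inside the archive) can be combined into a mail-triage check. The following Python is an added example, not code from the CloudSEK report; the host list, regular expressions, extension list, and sample messages are constructed assumptions.

```python
import os
import re
from urllib.parse import urlparse

# Assumed lists for this example; .pif is the extension named in the article.
ONEDRIVE_HOSTS = {"1drv.ms", "onedrive.live.com"}
RUNNABLE_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".lnk"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
PASSWORD_RE = re.compile(r"\bpass(?:word|code)\s*(?:is|:)\s*\S+", re.I)
PAYMENT_RE = re.compile(r"\b(?:bank|payment|financial)\s+(?:details|data|information)\b", re.I)
OFFER_RE = re.compile(r"\$\s?\d{1,3}(?:,\d{3})+|\bsponsor(?:ed|ship)\b", re.I)


def lure_traits(body):
    """Return the traits of the described lure that appear in a message body."""
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)}
    checks = [
        ("onedrive_link", bool(hosts & ONEDRIVE_HOSTS)),
        ("archive_password_in_body", bool(PASSWORD_RE.search(body))),
        ("asks_for_financial_data", bool(PAYMENT_RE.search(body))),
        ("sponsorship_offer", bool(OFFER_RE.search(body))),
    ]
    return [name for name, hit in checks if hit]


def runnable_members(names):
    """Archive member names whose extension Windows treats as executable."""
    return [n for n in names if os.path.splitext(n)[1].lower() in RUNNABLE_EXT]


def should_quarantine(body, member_names=()):
    """Hold mail that pairs a OneDrive link with an in-body password and one
    more lure trait, or whose archive listing contains a runnable file."""
    traits = lure_traits(body)
    core = {"onedrive_link", "archive_password_in_body"} <= set(traits)
    return (core and len(traits) >= 3) or bool(runnable_members(member_names))


# Constructed sample messages (not real campaign mail).
LURE = """We would like to pay $12,000 for a sponsored segment on your channel.
Contract: https://1drv.ms/u/EXAMPLE-constructed
Archive password: 2024
Please reply with your bank details so we can send payment."""
BENIGN = "Slides from today: https://onedrive.live.com/view?id=EXAMPLE see you Monday"

if __name__ == "__main__":
    print(lure_traits(LURE), should_quarantine(LURE))
    print(lure_traits(BENIGN), should_quarantine(BENIGN))
```

A OneDrive link alone does not trigger the hold; the password-in-body trait matters because a password-protected archive cannot be inspected by a mail gateway that lacks the password.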
This malware is an info-stealer, meaning it's designed to swipe victims' browser credentials, cookies, and clipboard data and send it all to the attacker. Forty-eight different cybersecurity firms have flagged this malware, so if you have software like Malwarebytes, Avast, or McAfee, those programs should detect it if the malware gets onto your PC.
CloudSEK didn't reveal whether anyone fell victim to this attack or which channels were targeted. It also blurred out the names of the brands being impersonated, but one phishing email references "a leading platform for discovering and purchasing food." The attackers may switch it up and impersonate a different type of brand in the future, though.
Phishing emails are a common attack method for cybercriminals, who typically use them to infect computers with malware and steal personal data or money. It's a good idea to use malware protection software and avoid clicking on links from unknown senders over text or email.