Cybercriminals Use Fake Brand Deals To Target Popular YouTube Channels

  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Justyn Newman, Former Lead Cybersecurity Editor

A new report highlights how cybercriminals are increasingly targeting YouTube creators with fake brand collaboration offers to spread malware.

In a Rush? Here are the Quick Facts!

  • Phishing emails impersonate trusted brands, offering partnership deals with malicious attachments.
  • Malware is delivered via password-protected files hosted on platforms like OneDrive.
  • Once opened, malware steals credentials, financial data, and enables remote system access.

These attacks aim to steal sensitive information, including login credentials and financial data, while also allowing remote access to the victim’s system, as detailed in the report by CloudSEK.

The phishing campaigns are highly sophisticated. Attackers impersonate well-known brands, sending professional-looking emails that offer enticing partnership deals.

The emails include fake contracts or promotional documents disguised as password-protected files hosted on trusted platforms like OneDrive or Google Drive. Because automated scanners generally cannot inspect the contents of a password-protected archive, this method helps the malware bypass security filters and antivirus software.

Once a creator downloads and extracts these files, the malware is silently installed. It can then steal browser data, passwords, and even clipboard content (used for copy-pasting). In some cases, the malware allows attackers to remotely control the victim’s device.

The initial stage of the attack often begins with cybercriminals using automated tools to collect email addresses from YouTube channels.

These tools allow attackers to send bulk phishing emails that look convincing, complete with official brand logos and well-written text. Victims, especially content creators and marketers looking for collaborations, are lured into believing the offer is legitimate.

Security researchers note that the malware files are often delivered in layers. For example, a compressed folder may contain another password-protected archive, hiding the malicious script. Once executed, the malware connects to servers controlled by the attackers, where stolen data is sent.
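A defender-side triage of the layered delivery described above, as an added example that is not taken from the CloudSEK report or this article. It relies on the fact that standard ZIP encryption leaves entry names and flags readable without the password; the function names, extension lists and the sample archive are constructed for illustration.

```python
import io
import zipfile

ARCHIVE_EXT = (".zip", ".rar", ".7z")
RISKY_EXT = (".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".lnk")
MAX_NESTED_BYTES = 50 * 1024 * 1024  # do not unpack huge inner files (zip bombs)

def triage_zip(data, path="", depth=0, max_depth=3):
    """List findings for a ZIP held in memory, following unencrypted nested ZIPs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = f"{path}/{info.filename}" if path else info.filename
            lower = info.filename.lower()
            encrypted = bool(info.flag_bits & 0x1)  # flag bit 0: entry is encrypted
            if encrypted:
                findings.append(("encrypted-entry", name))
            if lower.endswith(RISKY_EXT):
                findings.append(("executable-or-script", name))
            if lower.endswith(ARCHIVE_EXT):
                findings.append(("nested-archive", name))
                readable = lower.endswith(".zip") and not encrypted
                if readable and depth < max_depth and info.file_size <= MAX_NESTED_BYTES:
                    findings += triage_zip(zf.read(info), name, depth + 1, max_depth)
    return findings

def build_sample():
    """Constructed sample: outer ZIP holding an inner ZIP with one 'encrypted' entry."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("contract.scr", b"placeholder bytes, not a real payload")
    raw = bytearray(inner.getvalue())
    cd = raw.rfind(b"PK\x01\x02")  # central directory header of the only entry
    raw[cd + 8] |= 0x01            # set the encrypted bit in its flags field
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("Brand_Deal/terms.zip", bytes(raw))
        zf.writestr("Brand_Deal/readme.txt", b"constructed sample text")
    return outer.getvalue()

if __name__ == "__main__":
    for kind, name in triage_zip(build_sample()):
        print(f"{kind:22} {name}")
```

An archive that reports a nested archive, an encrypted entry and a script or executable name together matches the layered pattern and should be opened only in an isolated environment.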

This campaign highlights the growing sophistication of cyber threats targeting social media influencers and creators. YouTube content creators are particularly vulnerable because of their reliance on brand deals as part of their revenue streams.

Experts recommend creators remain cautious and verify all collaboration requests. Simple steps include checking the sender’s email address, avoiding suspicious links, and scanning attachments before downloading.

Adopting robust cybersecurity practices, such as enabling two-factor authentication and using updated antivirus software, can also help prevent such attacks.

Kaspersky Reports 135% Surge In Crypto-Stealing Drainers On Dark Web

  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Justyn Newman, Former Lead Cybersecurity Editor

Cybercriminal interest in crypto-draining malware surged dramatically in 2024, with discussions on dark web forums rising by 135%, according to Kaspersky’s latest Security Bulletin.

In a Rush? Here are the Quick Facts!

  • Drainers use fake airdrops, phishing sites, and deceptive ads to steal funds.
  • Corporate database ads on the dark web rose 40% from 2023 to 2024.
  • Cybercriminals are shifting from Telegram back to private dark web forums.

Kaspersky’s report highlights the growing focus on crypto-drainers—malware designed to trick victims into authorizing fraudulent transactions, swiftly draining funds from cryptocurrency wallets.

Kaspersky’s Digital Footprint Intelligence revealed that discussions on crypto-drainers increased from 55 unique dark web threads in 2022 to 129 in 2024. These forums are rife with cybercriminals exchanging ideas, trading malware, and collaborating on large-scale distribution.

Alexander Zabrovsky, a security expert at Kaspersky, predicts further growth in crypto-drainer interest in 2025.

“Crypto enthusiasts need to be more vigilant than ever, adopting robust crypto security measures. Meanwhile, companies should focus on educating their customers and employees while actively monitoring their online presence to reduce the risk of successful attacks,” Zabrovsky emphasized.

He added that drainers often leverage social engineering tactics, impersonating popular wallets and exchange brands to lure victims into fraudulent transactions.

Cybercriminals appear increasingly focused on leaking or reselling stolen data, sometimes amplifying older breaches as new incidents to damage corporate reputations.

“Some ‘offers’ may simply be well-marketed materials. For example, certain databases might combine publicly available information or previously leaked data, presenting it as breaking news,” Zabrovsky added.

“By making such claims, cybercriminals can generate publicity, create buzz, and tarnish the reputation of the targeted company simply by announcing a data breach,” Zabrovsky continued.

Emerging trends point to further developments in 2025. Kaspersky predicts a migration of cybercriminals from Telegram back to private dark web forums, as increased platform bans drive users to less accessible spaces.

High-profile law enforcement operations are also expected to intensify, forcing cybercriminal groups to fragment into smaller, harder-to-track units.

Other anticipated trends include the rise of Malware-as-a-Service models promoting drainers and credential stealers, escalating cyber threats in the Middle East due to geopolitical tensions, and an uptick in ransomware attacks across the region.

To combat these threats, Kaspersky advises individuals to use comprehensive security solutions and remain vigilant against phishing schemes. Businesses should proactively monitor dark web activity and employ tools to detect and respond to potential data breaches and malware-related risks.