SilentCryptoMiner: YouTubers Blackmailed Into Spreading Crypto-Mining Malware

According to a report from Kaspersky, these attackers use copyright complaints and other pressure tactics to trick content creators into adding harmful links that lead to malware-infected files.

The scam takes advantage of the increasing use of Windows Packet Divert drivers, especially in Russia. These drivers help users bypass internet restrictions, and their popularity has led to a rise in YouTube tutorials explaining how to install them.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

How Do KYC & AML Work in Crypto? (Explained)

SUBSCRIBE

ON YOUTUBE

Attackers exploit this trend by inserting links to SilentCryptoMiner, a crypto-mining malware, into video descriptions. The malware is based on XMRig, an open-source mining tool used to generate cryptocurrencies such as Ethereum ETH $2,931.32 , Ethereum Classic ETC $11.20 , Ravencoin RVN $0.0067 , and Monero XMR $467.72 . It uses a method called process hollowing to run in the background without detection.

Kaspersky found that one YouTube creator with 60,000 subscribers had been targeted. As a result, a video with over 400,000 views contained a harmful link that led to an infected archive instead of a legitimate download. This file was downloaded more than 40,000 times, which exposed thousands of users to malware.

The security firm estimates that at least 2,000 computers in Russia have been infected through this method. However, the actual number may be much higher when factoring in similar campaigns spread through Telegram channels.

On February 24, Kaspersky researcher Georgy Kucherin reported that hackers had used a scheme called GitVenom. What is it? Read the full story.