Content creators are becoming a hot target for hackers. Some attackers are simply seeking revenge and others seek to cause harm for bragging rights. Some, though, go the extra mile, using information-stealing malware to maybe even profit off their deed.
The latest such story comes from security researcher and content creator John Hammond. In a recent video, he shows how hackers tried to phish his credentials and other sensitive data via a fake copyright notice impersonating YouTube support – an increasingly common tactic among threat actors.
‘Your channel will be blocked’
“Today I got a notification on my phone that YouTube had sent me a copyright report, claiming one of my videos violated copyright and my channel was going to receive a strike,” Hammond tweeted. “Except, my video didn’t violate copyright. And YouTube didn’t really send me a copyright report.”
In his video (embedded below), the YouTuber reveals an intricate “charade” was at play. The threat actors constructed their malware delivery mechanisms with pinpoint precision, using various tricks to evade detection while disguising the payload as an innocent word document.
While the initial communication had telltale signs of a scam, it’s worth noting that a fake copyright notice like this one can dupe even an experienced pair of eyes, as was the case with scam-baiter Jim Browning who got tricked by vengeful hackers into deleting his own YouTube channel.
The reason it works – as many YouTubers will tell you – is that content creators are alarmed at the thought of having their content pulled down or demonetized, or their channel removed altogether.
“As others have pointed out, this is an example of Redline Stealer malware,” Hammond said in another tweet. “This is EXTREMELY COMMON for creators, used with ploys and deceptions to try and retrieve credentials and access. The threat to have a channel suspended can be terrifying for most and often seals the deal.”
RedLine stealer activity on the rise
RedLine is a malware-for-sale on the underground web designed to help threat actors steal login credentials, browser data, credit card information, and even cryptocurrency. Once the social engineering wheels are in motion, it only takes victims a couple of clicks to unknowingly surrender their precious data.
Bitdefender can confirm that such attacks are increasingly common. Our telemetry indicates a considerable rise in info stealer activity since 2020, with RedLine leading the pack in most targeted attacks. Bitdefender is on track to release a detailed version of these findings soon.
Hats off to Hammond for sharing his story in this pertinent, well-balanced narrative that should appeal even to non-savvy audiences. If you’re a content creator, pay close attention to all the red flags the researcher highlights. Enjoy!