How Threat Actors Exploit Brand Collaborations to Target Popular YouTube Channels
Dec. 17, 2024, 10:04 a.m.
Description
Cybercriminals are targeting YouTube creators through sophisticated phishing campaigns that impersonate trusted brands offering collaboration deals. The malware is disguised as legitimate documents and delivered via password-protected files on platforms like OneDrive. Once downloaded, it steals sensitive information and grants remote access to victims' systems. The campaign uses YouTube parsers to collect email addresses, automation tools for bulk phishing, and multiple SMTP servers for distribution. Attackers leverage templates impersonating brands and PR entities to create convincing emails. The malware communicates with command and control servers to exfiltrate data, using techniques to evade detection. This global campaign highlights the need for content creators and marketers to verify collaboration requests and implement robust cybersecurity measures.
Tags
Date
- Created: Dec. 17, 2024, 12:24 a.m.
- Published: Dec. 17, 2024, 12:24 a.m.
- Modified: Dec. 17, 2024, 10:04 a.m.
Indicators
- 564de0f055afa822add5e46761cba0c422f6a5e060ab7d2133599d8759598d50
- d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd
- vm95039.vps.client-server.site
Attack Patterns
- Lumma Stealer
- T1217
- T1589.002
- T1566.002
- T1590
- T1016
- T1082
- T1057
- T1083
- T1071
- T1055
- T1036
- T1056
- T1041
- T1078
- T1003
- T1059
Additional Information
- Technology
- Media