YouTubers Forced to Promote Crypto Mining Virus: Kaspersky

According to cybersecurity firm Kaspersky’s research, criminals are blackmailing some YouTube creators to include harmful crypto mining malware in their videos.

The expansion of Windows Packet Divert drivers in Russia lets internet users bypass geographical limitations, and thus, hackers are taking advantage of this. These drivers let people use the internet to get around restrictions based on where they are.

Over the past six months, Kaspersky’s systems have identified these drivers on nearly 2.4 million devices.

As these drivers are so popular, YouTube videos on how to download and installation techniques have grown so much. However, the criminals have even managed to include links to the SilentCryptoMiner malware in the descriptions of such videos.

Hackers Use Fake Copyright Claims to Target YouTubers

Hackers are increasingly filing copyright strikes on videos and then contacting the creators, falsely claiming to be the original developers of the drivers.

Kaspersky says that the criminals contacted a popular YouTuber with 60,000 subscribers and added a harmful link to videos watched over 400,000 times.

But instead of leading to a legitimate site like GitHub, the malicious links sent people to an infected archive that has since been downloaded over 40,000 times.

Kaspersky estimates that the criminals who did this were able to get crypto-mining malware on about 2,000 computers in Russia by threatening YouTube creators with copyright lawsuits and takedowns.

But the security company says the number could be a lot higher if other campaigns running on Telegram were included.

Malware that mines cryptocurrency has been around for a while, but Leonid Bezvershenko, a security researcher at Kaspersky’s Global Research and Analysis Team, says that making false copyright complaints against creators is a more aggressive and new strategy.

“Some threats, like miners and information thieves, often use social platforms to spread their messages. This method of using influencers to get what they want shows how cybercriminals are changing,” he tells Decrypt. Attackers easily infect many people infected by using the trust of YouTubers with their viewers.”

Based on the popular open-source miner XMRig, SilentCryptoMiner, the attackers’ mining malware, is used to mine tokens such as Ethereum Classic, Monero, Ethereum, and Ravencoin.

ReversingLabs found that attackers include crypto-mining malware in popular open-source coding packages and tools. These tools and packages can get hundreds of thousands of downloads every week.

If you’re a developer, it might be difficult to stay away from legitimate but infected coding packages. But for everyone else, Kaspersky warns, “Be careful and check the source of any download.”

Kaspersky Discovers ‘GitVenom’ Cyberattack Stealing Bitcoin

According to the latest report on February 24, 2025, Kaspersky found GitVenom, a hidden GitHub cyberattack. To trick users, hackers uploaded fake Instagram tools, Telegram bots, and game cracks. These programs infected devices with malware when downloaded and executed. The malware stole personal, bank, and crypto wallet data. It even changed copied Bitcoin addresses to pay hackers.

By doing this, cybercriminals stole 5 Bitcoins (₹4 crore). Brazil, Turkey, and Russia had the most victims.