New Delhi, Dec 17: Cybercriminals are increasingly using fake brand collaboration emails to trick YouTube creators into downloading malware that steals sensitive financial and login information, according to cybersecurity experts at CloudSEK.
The attackers disguise their malware as legitimate files, such as contracts or promotional materials, often hosted on platforms like OneDrive and protected with passwords to avoid detection.
Once opened, these files deploy malware that allows hackers to access victims' personal data, including banking details and login credentials, while granting them remote control of the infected system.
The phishing emails are crafted to appear authentic, often coming from spoofed or compromised email addresses, making it easy for recipients to be deceived into clicking on malicious attachments.
The campaign specifically targets content creators, digital marketers, and business executives involved in brand collaborations and promotions.
Security researcher Mayank Sahariya stressed the importance of verifying collaboration offers before engaging with any attachments.
He also recommended that creators implement robust cybersecurity practices to safeguard against these increasingly sophisticated threats.
This growing wave of social engineering tactics underscores the evolving methods of cybercriminals, who are becoming more adept at exploiting unsuspecting individuals.
As the threat continues to grow, creators must stay vigilant and cautious when responding to unsolicited collaboration emails, especially those offering too-good-to-be-true deals.