YouTube Creators Targeted in Global Phishing Campaign

Over 200,000 YouTube creators and counting have been targeted by cybercriminals masquerading as big-name brands, in a newly discovered phishing campaign.

The scammers send malicious emails with subject lines like “Collaboration Proposal” and “Marketing Opportunity,” in order to trick their victims into clicking through or opening malware-laden attachments, according to Cloudsek.

Password-protected archives, hosted on cloud platforms like OneDrive, contain malicious executables disguised as agreements or promotional materials.

Once extracted, the files deploy malware designed to steal sensitive information such as login credentials and session cookies, or to gain remote access to the victim’s machine.

The attackers are then able to hijack the victim’s YouTube account and use this access to spam their followers with more malicious messages.
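As an added illustration of how a mail gateway could triage the lure chain described above (a collaboration or marketing subject line, a OneDrive-hosted archive, and an executable inside it named like an agreement or promotional file), here is example code written for this article, not CloudSEK's or any vendor's tooling; the share hosts, extensions, scoring threshold and sample messages are assumptions or constructed values:

```python
import re
from dataclasses import dataclass, field

# Lure traits taken from the reporting above; hosts, extensions and threshold are assumptions.
LURE_SUBJECTS = ("collaboration proposal", "marketing opportunity")
CLOUD_HOSTS = {"onedrive.live.com", "1drv.ms"}        # OneDrive share hosts (assumed)
ARCHIVE_EXT = (".zip", ".rar", ".7z")
EXEC_EXT = (".exe", ".scr", ".msi", ".bat")
DOC_WORDS = ("agreement", "contract", "proposal", "promo", "sponsorship")
QUARANTINE_AT = 3

@dataclass
class Email:
    subject: str
    display_name: str
    sender_domain: str
    links: list[str] = field(default_factory=list)
    # Names listed inside a linked/attached archive (a ZIP central directory stays readable
    # even when entries are password-protected), as recorded by the gateway.
    archive_members: list[str] = field(default_factory=list)

def triage(msg: Email) -> tuple[int, list[str]]:
    """Score the message against the lure pattern; reasons explain each hit."""
    score, reasons = 0, []
    if any(k in msg.subject.lower() for k in LURE_SUBJECTS):
        score += 1; reasons.append("collaboration/marketing lure subject")
    # Crude brand check (assumption): first word of the display name is the claimed brand,
    # and a genuine brand mail should come from a domain containing that name.
    brand = msg.display_name.lower().split()[0] if msg.display_name else ""
    if brand and brand not in msg.sender_domain.lower():
        score += 1; reasons.append(f"sender domain does not match '{brand}'")
    for url in msg.links:
        host = re.sub(r"^https?://", "", url).split("/")[0].lower()
        if host in CLOUD_HOSTS and url.lower().endswith(ARCHIVE_EXT):
            score += 2; reasons.append(f"cloud-hosted archive link: {host}")
    for name in msg.archive_members:
        low = name.lower()
        # e.g. "Brand_Agreement.pdf.exe": an executable wearing a document-style name.
        if low.endswith(EXEC_EXT) and any(w in low for w in DOC_WORDS):
            score += 3; reasons.append(f"executable posing as document: {name}")
    return score, reasons

def should_quarantine(msg: Email) -> bool:
    return triage(msg)[0] >= QUARANTINE_AT

# Constructed samples, not real indicators from the campaign.
PHISH = Email("Collaboration Proposal - Brand Partnership", "ExampleBrand Marketing",
              "mail-freehost.example", ["https://1drv.ms/u/s!abc/Proposal.zip"],
              ["Brand_Agreement.pdf.exe", "Promo_Materials.jpg"])
BENIGN = Email("Marketing Opportunity: Q3 campaign", "ExampleBrand Team",
               "examplebrand.com", ["https://examplebrand.com/brief.pdf"])
```

A real deployment would feed the reasons into analyst review rather than auto-deleting, since a genuine brand outreach can legitimately match the subject-line heuristic alone.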

The malware used in this global campaign was linked by Cloudsek to threats associated with the Lumma Stealer.

The security vendor claimed that over 340 SMTP servers are being used in the campaign, and that over 46 remote desktop protocol (RDP) systems are in operation to help compromise systems or deploy malware.

Cloudsek has also recorded more than 26 SOCKS5 proxies, which are used to help anonymize traffic and ensure command and control (C2) communications stay hidden.

“This campaign is not just about stealing accounts; it’s about leveraging the trust and influence of YouTube creators to amplify scams on a massive scale,” said Mayank Sahariya, security researcher at Cloudsek.

“Attackers are exploiting these accounts to push scams and fraudulent schemes, reaching millions of unsuspecting followers. The scale of this operation means not only financial losses for victims but also long-term reputational damage for creators, highlighting an urgent need for better security awareness and robust protective measures.”

The security vendor urged YouTube creators to ensure they:

  • Double-check email sender details and contact brands through official channels if unsure
  • Avoid downloading files or clicking on links from unknown or suspicious sources
  • Enable two-factor authentication to add an extra layer of security to their YouTube account
  • Regularly check their YouTube account for unauthorized logins or changes
  • Ensure everyone involved in managing a YouTube account is aware of the latest phishing tactics

Image credit: tovovan / Shutterstock.com