Summary: A sophisticated malware campaign called SilentCryptoMiner exploits Windows Packet Divert drivers to bypass internet restrictions, impacting over 2,000 users in Russia. Cybercriminals manipulated popular YouTubers into distributing malicious links in videos, using threats of copyright strikes to force compliance. The malware employs advanced stealth techniques for cryptocurrency mining, highlighting evolving threats in the cyber landscape.

Affected: YouTubers and their audiences, especially those in Russia

Keypoints :

• SilentCryptoMiner is disguised as legitimate tools, using a distribution strategy leveraging popular content creators.
• The attack involved a modified start script running through PowerShell, leading to the malware’s installation.
• Once installed, the malware uses stealth techniques, including process hollowing, to mine cryptocurrencies undetected.
• The campaign underscores the importance of caution when downloading tools from untrusted sources, even when recommended by influencers.