Hackers Target YouTube Creators with Fake Brand Deals Containing Malware

Muskventure

Cybercriminals are using fake brand collaboration offers to target YouTube creators and influencers, spreading malware through deceptive email campaigns, according to a report by cybersecurity firm CloudSEK.

The malware is often disguised as legitimate documents, such as sponsorship contracts or promotional material, and delivered via password-protected ZIP files hosted on platforms like OneDrive to bypass email security filters.

How the Attack Works

The phishing emails are designed to look like authentic brand partnership requests, often sent from spoofed or compromised email accounts. At the end of the message, the attacker includes instructions and a OneDrive link to access a ZIP file, usually labeled as an “agreement” or “proposal.” This file is password-protected to appear trustworthy and evade detection.

When the YouTube creator clicks the link, they are directed to a seemingly normal cloud storage page and prompted to download the file. Once the file is opened, the embedded malware installs itself silently on the victim’s device.

“Once downloaded, the malware can steal sensitive information, including login credentials and financial data, and also grant attackers remote access to the system,” said Mayank Sahariya, a cybersecurity researcher at CloudSEK.
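
A defender-side check for the delivery method described above, as an added example (not from the CloudSEK report or this article): commonly used ZIP encryption hides file contents from scanners but leaves entry names readable, so a download or mail gateway can still flag an encrypted archive that holds an executable dressed up as a document. The extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: extensions treated as executable/script content; tune per environment.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi", ".ps1"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def triage_zip(data: bytes) -> dict:
    """Inspect ZIP metadata only: no password is needed and nothing is extracted."""
    findings = {"encrypted": [], "risky": [], "double_ext": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            parts = name.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            # Bit 0 of the general-purpose flags marks an encrypted entry.
            if info.flag_bits & 0x1:
                findings["encrypted"].append(name)
            if ext in RISKY_EXT:
                findings["risky"].append(name)
                # e.g. "agreement.pdf.exe": a document extension in front of an executable one
                if len(parts) > 2 and "." + parts[-2] in DOC_EXT:
                    findings["double_ext"].append(name)
    # An encrypted archive that also carries executable content deserves review.
    findings["suspicious"] = bool(findings["encrypted"] and findings["risky"])
    return findings


def build_sample(names, encrypted: bool) -> bytes:
    """Constructed sample: a harmless ZIP whose entries are marked encrypted by
    setting flag bit 0 in each central-directory header (the standard library
    cannot write encrypted archives)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")  # central-directory header signature
    while encrypted and pos != -1:
        raw[pos + 8] |= 0x01  # low byte of the general-purpose bit flag
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)
```
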

Campaign Tactics and Threat Profile

This sophisticated campaign appears to be the work of a well-organized cybercriminal group with access to advanced tools. Key features of the attack include:

  • Email payloads with malicious attachments (Word docs, PDFs, Excel files)
  • Impersonated brand names to increase credibility
  • Use of cloud services like OneDrive or Google Drive to host infected files
  • Targeting of YouTubers, marketers, and business professionals who regularly engage in partnerships and collaborations

Once a device is infected, the malware can steal confidential information, such as:

  • YouTube account credentials
  • Bank and financial login details
  • Intellectual property
  • Business communications

In some cases, the malware can also give the attacker remote desktop access.

Primary Targets and Prevention

The primary targets include content creators, digital marketers, and executives — particularly those in roles involving brand outreach and influencer partnerships.

“With YouTubers and marketers being the primary targets, this global campaign highlights the urgent need to verify brand offers and strengthen cybersecurity practices,” Sahariya emphasized.
