Phony YouTube DMCA Notice Installing Malware

Jamie Kavanagh
September 13th, 2022

Anyone who creates content online will know the fear of DMCA notices well. That’s especially true if you use YouTube.

Digital Millennium Copyright Act notices are copyright warnings requesting takedowns of protected content. Many are sent for legitimate reasons, but many are not. Some are polite and request the removal of copyrighted content, but others are more threatening.

It seems scammers are taking advantage of that in a new campaign.

DMCA emails are being sent that look and feel just like legitimate notices. They include a link to a ‘YouTube Copyright Report’ and a .zip attachment.

That attachment includes malware that tries to identify the device, the IP address, and whether antivirus is running, and then contacts a home server in Finland.

It has been linked with RedLine Stealer malware that harvests personal data for later use. It’s a common form of malware freely available on the dark web for as little as $100.

It seems now scammers are playing on fear in order to trick people into infecting themselves.

Using Fear to Infect

For the majority of YouTube creators, being hit with a DMCA notice is scary, even if it’s all part of doing business online. Some notifications come from big law firms and use strong language to try to elicit the desired action.

Scammers are using the same tactic to try to elicit a different action: getting recipients to infect themselves.

By dressing the malware up as a DMCA notice, the campaign takes advantage of people in a scared state. People in this state don’t always make the best decisions or use the decision-making processes they normally would. That’s what the people behind this campaign are taking advantage of.

So, if you publish on YouTube and receive DMCA notices, double check to make sure it’s legit!

© 2023 Redact - All rights reserved