Attackers are sending personalized emails with subject lines like “Collaboration Proposal” and “Marketing Opportunity,” enticing creators to download malicious files disguised as partnership agreements or promotional materials hosted on trusted platforms like OneDrive. These files contain malware designed to steal login credentials and session cookies or enable remote system access. The compromised accounts are then used to promote scams, such as fraudulent cryptocurrency giveaways, to the creators’ audiences. The operation utilizes an extensive technical infrastructure, including more than 340 SMTP servers and 46 compromised Remote Desktop Protocols, to mask the attackers’ activities.
This campaign highlights the growing sophistication of phishing attacks in the digital content creation space, emphasizing the need for heightened vigilance among creators when engaging with unsolicited collaboration offers.
Discussion (0)