Malware is currently being sent around in the name of Camtasia.
YouTubers are often contacted specifically to gain access to their accounts. Currently, the name of Camtasia, a screen recording software, is being used to advertise a supposed advertising partnership.
Video
The email
The whole thing comes by email. We are supposed to download a media kit with further information from “Docusign”. If we look at the domain in the email, we only realise at second glance that a different domain is being used here.
We open the link
We start the virtual machine and open the link. The Docusign page is well copied. We can enter the email code here.
We are then informed that we cannot view the file online, but that it will go offline. What a shame!
What’s in the download?
After the download we receive a ZIP file. This is password-protected, the code in the e-mail will also help here. The file contains videos, image files and an Excel file, all there to feign legitimacy.
The crux of the matter comes in the form of an .exe file, which is supposed to be the contract. Fittingly, the DLLs have also been included so that the software will run in any case.
What is particularly piquant is that not a single virus scanner recognised any danger when tested with VirusTotal.
What happens
Whoever opens the file has a problem. Malware is installed, what exactly it does is unclear in this case, in a similar case, the YouTube accounts were taken over.
Conclusion
Basically, there is only one conclusion: check such offers more than thoroughly. If the offer is too good to be true, stay away. Otherwise, check what’s in the ZIP, which can be done without unpacking. If it contains an .exe file, don’t bother.
Otherwise, VirusTotal is always a good indicator. Even if it wouldn’t have helped in this case. These things are usually recognised after a short time.