{"id":67732,"date":"2025-02-05T20:22:31","date_gmt":"2025-02-05T19:22:31","guid":{"rendered":"https:\/\/ekiwi-blog.de\/67732\/camtasia-scam-beware-of-supposed-co-operations\/"},"modified":"2025-02-05T21:43:53","modified_gmt":"2025-02-05T20:43:53","slug":"camtasia-scam-beware-of-supposed-co-operations","status":"publish","type":"post","link":"https:\/\/ekiwi-blog.de\/en\/67732\/camtasia-scam-beware-of-supposed-co-operations\/","title":{"rendered":"Camtasia-Scam: Beware of co-operation proposals"},"content":{"rendered":"<p>Malware is currently being sent around in the name of Camtasia.<\/p>\n<p><!--more--><\/p>\n<p>YouTubers are often contacted specifically to gain access to their accounts. Currently, the name of Camtasia, a screen recording software, is being used to advertise a supposed advertising partnership.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of content<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/ekiwi-blog.de\/en\/67732\/camtasia-scam-beware-of-supposed-co-operations\/#Video\" >Video<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/ekiwi-blog.de\/en\/67732\/camtasia-scam-beware-of-supposed-co-operations\/#The_email\" >The email<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/ekiwi-blog.de\/en\/67732\/camtasia-scam-beware-of-supposed-co-operations\/#We_open_the_link\" >We open the link<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/ekiwi-blog.de\/en\/67732\/camtasia-scam-beware-of-supposed-co-operations\/#Whats_in_the_download\" >What&#8217;s in the download?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/ekiwi-blog.de\/en\/67732\/camtasia-scam-beware-of-supposed-co-operations\/#What_happens\" >What happens<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/ekiwi-blog.de\/en\/67732\/camtasia-scam-beware-of-supposed-co-operations\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Video\"><\/span>Video<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/uTQIIWsUSHA?si=YgYb0Qmq5lp9PkjR\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<h2><span class=\"ez-toc-section\" id=\"The_email\"><\/span>The email<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The whole thing comes by email. We are supposed to download a media kit with further information from &#8220;Docusign&#8221;. If we look at the domain in the email, we only realise at second glance that a different domain is being used here.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_1.webp\" alt=\"\" width=\"820\" height=\"693\" class=\"aligncenter size-full wp-image-67724\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_1.webp 820w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_1-300x254.webp 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_1-768x649.webp 768w\" sizes=\"auto, (max-width: 820px) 100vw, 820px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"We_open_the_link\"><\/span>We open the link<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>We start the virtual machine and open the link. The Docusign page is well copied. We can enter the email code here.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_2.webp\" alt=\"\" width=\"800\" height=\"594\" class=\"aligncenter size-full wp-image-67726\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_2.webp 800w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_2-300x223.webp 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_2-768x570.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/p>\n<p>We are then informed that we cannot view the file online, but that it will go offline. What a shame!<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_3.webp\" alt=\"\" width=\"800\" height=\"287\" class=\"aligncenter size-full wp-image-67728\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_3.webp 800w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_3-300x108.webp 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_3-768x276.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Whats_in_the_download\"><\/span>What&#8217;s in the download?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>After the download we receive a ZIP file. This is password-protected, the code in the e-mail will also help here. The file contains videos, image files and an Excel file, all there to feign legitimacy.<\/p>\n<p>The crux of the matter comes in the form of an .exe file, which is supposed to be the contract. Fittingly, the DLLs have also been included so that the software will run in any case.<\/p>\n<p>What is particularly piquant is that not a single virus scanner recognised any danger when <a href=\"https:\/\/ekiwi-blog.de\/22006\/dateien-online-auf-viren-pruefen\/\">tested with VirusTotal<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_4.webp\" alt=\"\" width=\"1000\" height=\"661\" class=\"aligncenter size-full wp-image-67730\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_4.webp 1000w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_4-300x198.webp 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2025\/02\/cam_4-768x508.webp 768w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_happens\"><\/span>What happens<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Whoever opens the file has a problem. Malware is installed, what exactly it does is unclear in this case, in a similar case, <a href=\"https:\/\/acapio.de\/posts\/2024-12-29_camtasia_scam\" target=\"_blank\" rel=\"noopener noreferrer\">the YouTube accounts were taken over<\/a>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Basically, there is only one conclusion: check such offers more than thoroughly. If the offer is too good to be true, stay away. Otherwise, check what&#8217;s in the ZIP, which can be done without unpacking. If it contains an .exe file, don&#8217;t bother.<\/p>\n<p>Otherwise, <a href=\"https:\/\/www.virustotal.com\/gui\/home\/upload\" target=\"_blank\" rel=\"noopener noreferrer\">VirusTotal<\/a> is always a good indicator. Even if it wouldn&#8217;t have helped in this case. These things are usually recognised after a short time.<\/p>","protected":false},"excerpt":{"rendered":"<p>Malware is currently being sent around in the name of Camtasia.<\/p>\n","protected":false},"author":1,"featured_media":16357,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1555],"tags":[1601,1590],"class_list":["post-67732","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software-en","tag-malware-en","tag-scam"],"_links":{"self":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts\/67732","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/comments?post=67732"}],"version-history":[{"count":0,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts\/67732\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/media\/16357"}],"wp:attachment":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/media?parent=67732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/categories?post=67732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/tags?post=67732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}