The Trojan that's attached to the notifications opens a backdoor on the infected system

Oct 18, 2012 06:53 GMT

Emails apparently originating from “The YouTube Team” have been found to carry a malicious attachment.

“Your video may have content that it owned or licensed by Music Publishing Rights Collecting Society. No action is required on your part; however, if you are interested in learning how this affects your video, please open attached file with Content ID Matches section of your account for more information,” the emails read.

While the notifications may look legitimate, considering that YouTube does send somewhat similar ones, in reality they're part of a cybercriminal campaign designed to spread a piece of malware.

The main difference between these emails and the legitimate ones is that genuine alerts never contain attached files.

Experts from security firm Webroot have analyzed the malicious emails and have found that the file they carry – Content_ID_Matches.avi.exe – is actually a Trojan detected as Trojan-Downloader.Win32.Andromeda.bm and Trojan.Gamarue.N.

The threat is designed to open a backdoor on the affected host, which allows cybercriminals to take control of the device.

In case you come across such emails, be sure to delete them immediately. Remember, YouTube never attaches files (especially .exe files) to notifications.
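A mail filter can apply the same rule automatically. The following is an added example, not code from the article or from Webroot: it flags attachments such as Content_ID_Matches.avi.exe, where an executable extension hides behind a media or document extension. The extension sets, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from pathlib import PurePosixPath

# Illustrative, non-exhaustive sets (assumptions): what Windows runs vs. what looks harmless.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY = {".avi", ".mp4", ".mp3", ".pdf", ".doc", ".docx", ".jpg", ".png", ".txt"}


def classify(filename):
    """Return 'double-extension', 'executable' or None for one attachment name."""
    # Windows drops trailing dots and spaces, so remove them before comparing.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        return "double-extension"
    return "executable"


def scan_message(raw):
    """Return [(filename, verdict)] for every risky attachment in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches attachments nested in sub-parts
        filename = part.get_filename()
        verdict = classify(filename) if filename else None
        if verdict:
            findings.append((filename, verdict))
    return findings


# Constructed sample message (not a captured one); only the file name is from the article.
SAMPLE = """\
From: "The YouTube Team" <noreply@example.test>
Subject: Content ID notification (constructed sample)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Content_ID_Matches.avi.exe"

placeholder bytes
--b1--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```
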