SilentCryptoMiner distributed as a bypass tool
Essential information
- Published: 05/03/2025 11:12
- Modified: 05/03/2025 16:40
- Tags: 2025-03-05 blackmail cryptocurrency mining dcrat njrat phemedrone python loader restriction bypass silentcryptominer stealth techniques xmrig xworm
- Related entities: 20 techniques (MITRE), 5 malware
Description
A mass malware campaign is infecting users with a cryptocurrency miner disguised as a tool for bypassing internet restrictions. The campaign has affected over 2,000 victims in Russia and uses YouTube channels to spread malicious links. The attackers blackmail content creators into posting videos that link to the infected files, threatening to have their channels shut down. Infection is multi-stage and includes a Python loader that downloads and executes SilentCryptoMiner. This miner, based on XMRig, employs stealth techniques such as process hollowing and can mine various cryptocurrencies. The campaign highlights the growing exploitation of restriction bypass tools for malware distribution, posing significant risks to user data security.