Cybercriminals are targeting YouTube creators with a sophisticated malware campaign using the Clickflix technique. Attackers impersonate popular brands and offer fake collaboration opportunities to lure victims. The campaign employs spearphishing emails with malicious attachments and links to fake Microsoft webpages. These pages trick users into executing PowerShell scripts that download and run malware, such as Lumma Stealer. The malware steals browser data, cryptocurrency wallet information, and other sensitive data, transmitting it to command and control servers. The attack chain includes stealth and persistence mechanisms to evade detection. This campaign exploits content creators' interest in brand deals and partnerships, representing an evolution of previously observed tactics against YouTube channels.