A cybercrime campaign is targeting users of pirated media sites with a fake video player update that deploys a modified SilentCryptoMiner and a Remote Access Trojan (RAT). The malware utilizes DLL side-loading, DNS tunneling for initial check-ins, and a DGA for C2 communications, while employing a Watchdog component to ensure persistence via a rogue Google Update service.