- YouTube has removed 3,000 malicious videos disguised as ‘Cracked software’
- These were used to spread malware and infostealers like Lumma
- The network used fake positive engagement to garner trust
Google has removed a 3,000 strong network of malicious YouTube videos used to spread malware.
Check Point Research says it discovered the ‘YouTube Ghost Network’ – a ‘sophisticated and coordinated’ campaign of videos which took advantage of YouTube’s features to promote its own harmful content.
The videos were primarily disguised as ‘Game Hack/Cheat’ and ‘Software Cracks/Piracy’ – areas with a large viewership that often encouraged the audience to download software. Such ‘cracked’ software is illegal, and these downloads often contain malware.
Malware and infostealers
These videos were not necessarily spammy in nature. Researchers identified one video targeting Adobe Photoshop with 293,000 views and 54 comments, as well as a video targeting FL Studio that had amassed 147,000 views – these would appear legitimate based on the sheer number of interactions.
The Ghost Network distributed malware through these software downloads – specifically through infamous Rhadamanthys, Lumma stealer, and RedLine infostealers and malware strains.
This tactic of using malicious social media posts to trick users into downloading harmful software is far from unheard of, with Reddit pages and WeTransfer pages also discovered earlier in 2025 spreading Lumma malware in a similar campaign.
“The network appears to be active at least since 2021, maintaining a steady output of malicious content each year,” Check Point wrote in its report. “Notably, in 2025, the creation of such videos has tripled, highlighting both the scalability and increasing effectiveness of this malware distribution campaign.”
One of the reasons this campaign in particular was so potent is the network of positive interactions it cultivated – disarming viewers and building a high level of trust. One set of accounts were observed uploading videos, while another set would like/comment/subscribe to the accounts, and another group would post positive updates and messages.
In years gone by, high viewership and positive interactions indicated a safe or legitimate service, but now with reports suggesting that up to 50% of all internet traffic comes from bots – viewers are forced to be more careful than ever.
The best antivirus for all budgets
https://cdn.mos.cms.futurecdn.net/iS5X9iCBJ8WJ85eiAPtBwd-2560-80.jpg
Source link
