BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

YouTube Ghost Network Spreads Malware via Malicious Video Campaigns

YouTube Ghost Network: A Sophisticated Malware Distribution Scheme Exploiting Platform Engagement and Compromised Accounts

  • A network of YouTube accounts has been spreading Malware by sharing videos that link to harmful downloads.
  • The network, active since 2021 and called the YouTube Ghost Network, has published over 3,000 malicious videos.
  • These videos often promote pirated software and game cheats to attract viewers and spread malware known as stealers.
  • The network uses a role-based structure with compromised accounts performing specific tasks to maintain operations even if some accounts are removed.
  • This method exploits YouTube’s engagement features like views, likes, comments, and posts to gain trust and distribute malware effectively.

A group of YouTube accounts has been identified as part of a malicious network that publishes and promotes videos leading to malware downloads. This activity, ongoing since 2021, uses the popular video platform to distribute harmful software by exploiting user trust.

- Advertisement -

Known as the YouTube Ghost Network by Check Point, the group has uploaded more than 3,000 malicious videos. The number of these videos has tripled since early 2025. Many affected videos have been taken down by Google, following the discovery.

The network hijacks YouTube accounts and replaces their content with videos centered on pirated applications and Roblox game cheats. These videos entice users with thousands of views—ranging from about 147,000 to 293,000—into downloading stealer malware, which is designed to steal information from infected devices.

“This operation took advantage of trust signals, including views, likes, and comments, to make malicious content seem safe,” stated Eli Smadja, security research group manager at Check Point. “What looks like a helpful tutorial can actually be a polished cyber trap. The scale, modularity, and sophistication of this network make it a blueprint for how threat actors now weaponize engagement tools to spread malware.”

These tactics are part of a wider trend where attackers use legitimate platforms for harmful purposes. The network relies on compromised accounts assigned distinct roles: video-accounts upload phishing videos, post-accounts share community messages, and interact-accounts increase credibility by liking and commenting. This role-based system helps keep the network operational even when some accounts are banned.

- Advertisement -

“The majority of the network consists of compromised YouTube accounts, which, once added, are assigned specific operational roles. This role-based structure enables stealthier distribution, as banned accounts can be rapidly replaced without disrupting the overall operation,” explained security researcher Antonis Terefos.

Links found in video descriptions and comments often redirect users to cloud storage services or phishing pages. These links frequently use URL shorteners to hide the true destination. Malware distributed includes variants such as Lumma Stealer, Rhadamanthys Stealer, and RedLine Stealer.

Specific compromised channels include @Sound_Writer with nearly 9,700 subscribers and @Afonesio1 with 129,000 subscribers. The latter was used to advertise cracked Adobe Photoshop installs that delivered malware loaders.

Check Point noted, “The ongoing evolution of malware distribution methods demonstrates the remarkable adaptability and resourcefulness of threat actors in bypassing conventional security defenses. Adversaries are increasingly shifting toward more sophisticated, platform-based strategies, most notably, the deployment of Ghost Networks.”

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

SK Hynix ADR gains vanish in under a day

SK Hynix's ADRs rose 12.7% on Nasdaq debut Friday but the entire gain was...

Binance futures hit 2026 high as spot market lags

Binance recorded $1.6 trillion in futures trading volume in June, its highest level of...

CISA adds two critical Joomla extension flaws to KEV list

U.S. CISA added two maximum-severity Joomla extension flaws to its Known Exploited Vulnerabilities (KEV)...

Russia, India push de-dollarization to hit $100 billion trade target

Russia and India are accelerating a bilateral trade deal to reach a $100 billion...

AI freelancers could drive $262B in stablecoin payments by 2033

Swyftx projects that $262 billion of the AI-native gig economy's payment volume could be...

Must Read

The 13 Best Crypto Advertising Networks to Grow Your Project

TABLE OF CONTENTSWhy Traditional Ad Networks (Like Google & Facebook) Fail CryptoQuick-View Comparison TableHow to Choose the Right Crypto Ad Network for Your ProjectBest...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading