
"Researchers at Check Point say the so-called "YouTube Ghost Network" hijacked and weaponized legitimate YouTube accounts to post tutorial videos that promised free copies of Photoshop, FL Studio, and Roblox hacks, but instead lured viewers into installing infostealers such as Rhadamanthys and Lumma. The campaign, which has been running since 2021, surged in 2025, with the number of malicious videos tripling compared to previous years."
""This operation took advantage of trust signals, including views, likes, and comments, to make malicious content seem safe," said Eli Smadja, security research group manager at Check Point. "What looks like a helpful tutorial can actually be a polished cyber trap. The scale, modularity, and sophistication of this network make it a blueprint for how threat actors now weaponise engagement tools to spread malware.""
Google removed thousands of YouTube videos that distributed password‑stealing malware disguised as cracked software and game cheats. The YouTube Ghost Network hijacked and weaponized legitimate accounts to post tutorials promising free copies of Photoshop, FL Studio, and Roblox hacks but delivered infostealers like Rhadamanthys and Lumma. The campaign ran from 2021 and surged in 2025, tripling malicious uploads; over 3,000 infected videos were removed after collaboration between Check Point and Google. The network used fake and compromised accounts to post content, flood comments with praise and emojis, and share download links; victims were told to disable antivirus and install archives that contained malware.
Read at The Register