YouTube Ghost Network Exploits 3,000 Videos for Malware Distribution

First reported

24.10.2025 13:00

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A malicious network of YouTube accounts, dubbed the YouTube Ghost Network, has been actively distributing malware since 2021. Over 3,000 videos have been published, with a significant increase in volume since the start of the year. The network abuses hacked accounts to promote pirated software and game cheats, infecting users with stealer malware. Google has removed most of these videos. The operation leverages trust signals like views, likes, and comments to make malicious content appear safe. The network uses a role-based structure to maintain operational continuity even when accounts are banned. The malware families distributed include Lumma Stealer, Rhadamanthys Stealer, StealC Stealer, RedLine Stealer, Phemedrone Stealer, and Node.js-based loaders.

Timeline

24.10.2025 13:00 1 articles · 23h ago

YouTube Ghost Network Distributes Malware via 3,000 Videos
Since 2021, the YouTube Ghost Network has been distributing malware through over 3,000 videos, with a significant increase in volume since the start of the year. The network abuses hacked accounts to promote pirated software and game cheats, infecting users with various stealer malware families. Google has removed most of these videos. The operation leverages trust signals and a role-based structure to maintain operational continuity. The network uses URL shorteners to mask the true destination of malicious links.
Show sources

3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation — thehackernews.com — 24.10.2025 13:00
Open in new tab

Information Snippets

The YouTube Ghost Network has been active since 2021.
First reported: 24.10.2025 13:00

1 source, 1 article
Show sources
- 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation — thehackernews.com — 24.10.2025 13:00
Over 3,000 malicious videos have been published, with a tripling in volume since the start of the year.
First reported: 24.10.2025 13:00

1 source, 1 article
Show sources
- 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation — thehackernews.com — 24.10.2025 13:00
The network abuses hacked accounts to promote pirated software and game cheats.
First reported: 24.10.2025 13:00

1 source, 1 article
Show sources
- 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation — thehackernews.com — 24.10.2025 13:00
Some videos have garnered hundreds of thousands of views.
First reported: 24.10.2025 13:00

1 source, 1 article
Show sources
- 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation — thehackernews.com — 24.10.2025 13:00
The network uses a role-based structure with video-accounts, post-accounts, and interact-accounts.
First reported: 24.10.2025 13:00

1 source, 1 article
Show sources
- 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation — thehackernews.com — 24.10.2025 13:00
The malware families distributed include Lumma Stealer, Rhadamanthys Stealer, StealC Stealer, RedLine Stealer, Phemedrone Stealer, and Node.js-based loaders.
First reported: 24.10.2025 13:00

1 source, 1 article
Show sources
- 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation — thehackernews.com — 24.10.2025 13:00
The network leverages trust signals like views, likes, and comments to make malicious content appear safe.
First reported: 24.10.2025 13:00

1 source, 1 article
Show sources
- 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation — thehackernews.com — 24.10.2025 13:00
The network uses URL shorteners to mask the true destination of malicious links.
First reported: 24.10.2025 13:00

1 source, 1 article
Show sources
- 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation — thehackernews.com — 24.10.2025 13:00

Summary

Timeline

YouTube Ghost Network Distributes Malware via 3,000 Videos

Information Snippets