Malware alert infographic: YouTube play button with ghost icons spreading infostealers, red archive locks; protective shields for antivirus and reporting, with "Avoid Game Hacks" warning banner over a video feed.

Check Point Research exposed the YouTube Ghost Network, a malware operation using over 3,000 videos since 2021 to distribute infostealers, targeting users seeking game hacks and software cracks. The network employs coordinated accounts for uploading, sharing links, and boosting engagement, evading bans.

Malware alert infographic: YouTube play button with ghost icons spreading infostealers, red archive locks; protective shields for antivirus and reporting, with "Avoid Game Hacks" warning banner over a video feed.Malware alert infographic: YouTube play button with ghost icons spreading infostealers, red archive locks; protective shields for antivirus and reporting, with "Avoid Game Hacks" warning banner over a video feed.

Payloads like Lumma and Rhadamanthys are delivered via password-protected archives and multi-stage loaders like HijackLoader, with frequent updates and redundant hosting on Google Sites, MediaFire, and Dropbox. Videos have garnered hundreds of thousands of views, showing the campaign's reach.

Malware alert infographic: YouTube play button with ghost icons spreading infostealers, red archive locks; protective shields for antivirus and reporting, with "Avoid Game Hacks" warning banner over a video feed.Malware alert infographic: YouTube play button with ghost icons spreading infostealers, red archive locks; protective shields for antivirus and reporting, with "Avoid Game Hacks" warning banner over a video feed.

Protect yourself: Avoid downloading from unverified sources, use antivirus with behavioral detection, and report suspicious videos. This highlights the dangers of trusted platforms for malware distribution.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net