YouTube Ghost Network: Massive Malware Distribution Operation

Check Point Research uncovered the YouTube Ghost Network, a sophisticated malware distribution operation comprising over 3,000 malicious videos. The network, active since 2021, tripled its activity in 2025 and targets users seeking game hacks, cheats, and software cracks. It uses compromised accounts to upload malicious content, share download links, and create false legitimacy through positive comments. The most successful video targeted Adobe Photoshop and accumulated 293,000 views. The network primarily distributes infostealers such as Rhadamanthys, adapting its tactics to evade detection and maintain persistence. The operation highlights an evolving threat landscape in which trusted platforms are exploited for malware distribution.

Latest mentioned: 10-24
Earliest mentioned: 10-23