YouTube's Dark Side: Hackers Leverage Fake Engagement to Distribute Malware
4 Nov
Summary
- Hackers using compromised accounts and fake engagement to spread malware in over 3,000 software-crack and game-hack videos
- Malware such as Lumma Stealer, Rhadamanthys, StealC and RedLine stealing passwords, browser data and other sensitive information
- Attackers leveraging a modular, role-based structure to quickly replace banned accounts and maintain the operation

According to recent research, a malware distribution network known as the "YouTube Ghost Network" has been actively spreading information-stealing malware through the platform since 2021. The network has seen a threefold surge in activity in 2025, leveraging a sophisticated formula that blends social manipulation with technical stealth.
The primary targets are users searching for "Game Hacks/Cheats" and "Software Cracks/Piracy." Hackers use compromised accounts and fake engagement, such as positive comments, likes, and community posts, to give their malicious content an air of legitimacy. This psychological trick leads viewers to believe the content is widely trusted, allowing the operation to persist even when individual videos or channels are removed.




