- YouTube has removed 3,000 malicious videos disguised as ‘cracked software’
- These were used to spread malware and infostealers like Lumma
- The network used fake positive engagement to garner trust
Google has removed a 3,000-strong network of malicious YouTube videos used to spread malware.
Check Point Research says it discovered the ‘YouTube Ghost Network’ – a ‘sophisticated and coordinated’ campaign of videos which took advantage of YouTube’s features to promote its own harmful content.
The videos were primarily disguised as ‘Game Hack/Cheat’ and ‘Software Cracks/Piracy’ – areas with a large viewership that often encouraged the viewers to download software. Such ‘cracked’ software is illegal, and these downloads often contain malware.
Malware and infostealers
These videos weren’t necessarily spammy in nature. Researchers identified one video targeting Adobe Photoshop with 293,000 views and 54 comments, as well as a video targeting FL Studio that had amassed 147,000 views – these would appear legitimate based on the sheer number of interactions.
The Ghost Network distributed malware through these software downloads – specifically through the infamous Rhadamanthys, Lumma stealer, and RedLine infostealers and malware strains.
This tactic of using malicious social media posts to trick users into downloading harmful software is far from unprecedented, with Reddit pages and WeTransfer pages also discovered earlier in 2025 spreading Lumma malware in a similar campaign.
“The network appears to be active at least since 2021, maintaining a steady output of malicious content every year,” Check Point wrote in its report. “Notably, in 2025, the creation of such videos has tripled, highlighting both the scalability and increasing effectiveness of this malware distribution campaign.”
One of the reasons this campaign in particular was so potent is the network of positive interactions it cultivated – disarming viewers and building a high level of trust. One set of accounts was observed uploading videos, while another set would like/comment/subscribe to the accounts, and another group would post positive updates and messages.
In years gone by, high viewership and positive interactions indicated a safe or legitimate service, but now, with reports suggesting that up to 50% of all internet traffic comes from bots, viewers are forced to be more cautious than ever.
