
Google Removes Over 3000 YouTube Videos Distributing Infostealers in Ongoing Campaign
Google has removed more than 3000 YouTube videos that were distributing infostealers under the guise of cracked software and game cheats. This campaign, dubbed "YouTube Ghost Network" by Check Point researchers, has been active since 2021 and has seen a threefold increase in activity in 2025. Infostealers are a type of malware designed to exfiltrate sensitive information from infected systems. The use of YouTube as a distribution platform is particularly concerning due to the platform's widespread use and perceived trustworthiness. The campaign's longevity and growth indicate a sophisticated and organized threat actor.

The technical implications of this campaign are significant. Infostealers can lead to identity theft, financial loss, and unauthorized access to corporate networks. The distribution method, posing as pirated software or game cheats, exploits users' desire for free or enhanced software, making it an effective social engineering tactic.

The impact on the cybersecurity landscape is substantial. This campaign demonstrates how threat actors are leveraging popular platforms to distribute malware, highlighting the need for increased vigilance and improved detection mechanisms. It also underscores the importance of user education regarding the risks of downloading software from untrusted sources.

From an expert perspective, this campaign is indicative of a broader trend where malware distribution is becoming more sophisticated and targeted. The use of YouTube as a distribution channel is particularly notable, as it allows threat actors to reach a large audience with minimal effort. Cybersecurity professionals should be aware of this campaign and monitor for similar activities on other platforms.

Actionable intelligence from this incident includes the need for organizations to ensure their endpoint protection solutions are up-to-date and capable of detecting and mitigating infostealer malware. Users should be educated about the risks of downloading software from untrusted sources, even if they appear on reputable sites like YouTube.

In conclusion, the "YouTube Ghost Network" campaign is a significant threat that highlights the evolving tactics of malware distribution. Cybersecurity professionals must remain vigilant and proactive in their defenses to mitigate the risks posed by such campaigns.