Monday , July 13 2026
infostealer malware

Check Point Research: "YouTube Ghost Network"
Hacker Used Over 3,000 Malicious Videos to Spread Infostealer Malware

A report reveals that over 3,000 malicious YouTube videos were used to spread infostealer malware. Check Point Research has named a major malware operation the “YouTube Ghost Network.” It uses fake YouTube accounts to spread infostealer malware like Rhadamanthys and Lumma.

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

Game hacks and cheats and software cracks and piracy were the most targeted categories. “It is important to emphasize that the use of cracked software is illegal and that such versions frequently contain hidden malware,” Check Point said.

The top malicious videos were about Adobe Photoshop, with 293,000 views, and FL Studio, with 147,000 views.

Compromised YouTube Accounts Used to Spread Infostealer Malware:

Many of the compromised YouTube accounts are used to post harmful videos and interact with them to make the accounts seem trustworthy.

“This role-based structure enables stealthier distribution, as banned accounts can be rapidly replaced without disrupting the overall operation,” the report said.

The most targeted game from the “Game Hacks/Cheats” category was Roblox, with 380 million monthly active users and about 111.8 million daily active users. In the “Software Cracks/Piracy” category, Adobe products are the main targets, led by Photoshop and Lightroom.

Video posts often contain external links that lead to file-sharing services like MediaFire, Dropbox, or Google Drive, or to phishing sites on platforms like Google Sites, Blogspot, or Telegraph (telegra.ph). These pages often link to malicious software and use shortened URLs to disguise the actual destination.

Videos typically include a download link and a shared password. Instructions usually recommend temporarily disabling Windows Defender to prevent “false alerts.”

“Don’t worry – the archive is clean,” assures one post after telling potential victims to temporarily disable Windows Defender. “Defender may trigger a false alert due to the way Setup.exe works with installations.”

Most malware cases involve infostealers. Lumma was the most widely distributed before it was disrupted, followed by Rhadamanthys, with StealC and Redline also being noted.

Compromised YouTube Accounts Distributed Malicious Pirated Photoshop
The report detailed two compromised YouTube channels and accounts.

The YouTube channel @Sound_Writer, with 9,690 subscribers, published videos that were mainly focused on cryptocurrency software and gaming. “Our analysis indicates that this account has been compromised for over a year, as evidenced by the appearance of malicious videos that differ significantly from the channel’s previous content,” Check Point said.

The @Afonesio1 account, which has about 129,000 subscribers, was hacked between December 3, 2024, and January 5, 2025, and has posted four videos to spread malware.

One of the account’s most viewed videos, with 291,155 views and 54 positive comments, “was used to lure unsuspecting viewers into downloading and executing a cracked version of Adobe Photoshop.”

The video description included a community message link and the password for a protected file. Check Point noted the post got around 1,200 likes and many positive comments about the software. The shortened link led users to Dropbox to download the file.

The archive had a file named Adobe.Photoshop.2024.v25.1.0.120.exe, a cracked version of Adobe Photoshop. The report notes, “It’s unclear if the positive reviews come from actual users who got infected or from fake accounts using AI to promote the malware.”

“The ongoing evolution of malware distribution methods demonstrates the remarkable adaptability and resourcefulness of threat actors in bypassing conventional security defenses,” Check Point concluded. “While email phishing remains a well-known and persistent threat, our research reveals that adversaries are increasingly shifting toward more sophisticated, platform-based strategies, most notably, the deployment of Ghost Networks. These networks leverage the trust inherent in legitimate accounts and the engagement mechanisms of popular platforms to orchestrate large-scale, persistent, and highly effective malware campaigns.”

Check Also

FortiGate

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the …