3,000 Youtube Videos Exposed As Malware Traps In Massive Ghost...
A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads.
Active since 2021, the network has published more than 3,000 malicious videos to date, with the volume of such videos tripling since the start of the year. It has been codenamed the YouTube Ghost Network by Check Point. Google has since stepped in to remove a majority of these videos.
The campaign leverages hacked accounts and replaces their content with "malicious" videos that are centred around pirated software and Roblox game cheats to infect unsuspecting users searching for them with stealer malware. Some of these videos have racked up hundreds of thousands of views, ranging from 147,000 to 293,000.
"This operation took advantage of trust signals, including views, likes, and comments, to make malicious content seem safe," Eli Smadja, security research group manager at Check Point, said. "What looks like a helpful tutorial can actually be a polished cyber trap. The scale, modularity, and sophistication of this network make it a blueprint for how threat actors now weaponize engagement tools to spread malware."
The use of YouTube for malware distribution is not a new phenomenon. For years, threat actors have been observed hijacking legitimate channels or using newly created accounts to publish tutorial-style videos with descriptions pointing to malicious links that, when clicked, lead to malware.
These attacks are part of a broader trend where attackers repurpose legitimate platforms for nefarious purposes, turning them into an effective avenue for malware distribution. While some of the campaigns have abused legitimate ad networks, such as those associated with search engines like Google or Bing, others have capitalized on GitHub as a delivery vehicle, as in the case of the Stargazers Ghost Network.
One of the main reasons why Ghost Networks has taken off in a big way is that they can not only be used to amplify the perceived legitimacy of the links shared, but also maintain operational continuity even when the accounts are banned or taken down by the platform owners, thanks to their role-based structure.
"These accounts take advantage of various platform features, such as videos, descriptions, posts (a lesser-known YouTube feature similar to Facebook post), and comments to promote malicious content and di
Source: The Hacker News
