Don't Be Tempted By This Scam On Youtube - How To Protect Yourself

Martin Philip/iStock / Getty Images Plus

Follow ZDNET: Add america arsenic a preferred source on Google.

ZDNET's cardinal takeaways

• The YouTube Ghost Network promoted thousands of scam videos.
• Videos connection crippled hacks aliases pirated software; they administer malware.
• A web of clone accounts makes nan scam videos look genuine.

A malicious web of videos hosted connected YouTube has been discovered by researchers who branded it "one of nan largest malware operations seen connected YouTube."

The researchers' discovery

On Thursday, Check Point researchers published a report that revealed nan scam, dubbed nan YouTube Ghost Network, which they tracked for complete a year. Over 3,000 malicious and fraudulent videos, hosted connected YouTube's platform, dress up nan halfway of nan network. 

Also: If a TikTok 'tech tip' tells you to paste code, it's a scam. Here's what's really happening

The YouTube Ghost Network has apt been progressive since 2021, pinch videos posted consistently complete nan years -- until 2025, erstwhile nan number of videos tripled. 

The YouTube Ghost Network, explained

Over 3,000 YouTube videos, described arsenic portion of a "sophisticated malware distribution network," contained tutorial-style contented that enticed viewers pinch promises of free aliases cracked software, crippled hacks, and crippled cheats. The astir communal lures were for free versions of Adobe Photoshop, FL Studio, and Microsoft Office, alongside hacks for games, including Roblox. 

Easy-to-understand instructions accompanied each video, telling viewers to download a password-protected archive from sources including Google Drive and Dropbox. Once downloaded, users are told to temporarily disable Windows Defender earlier extracting and installing nan record contained successful nan archive. 

If you're trying to usage cracked software, you'd astir apt want to disable information protections, truthful nan request to extremity Windows Defender from catching a pirated record makes consciousness -- moreover though it's dangerous. However, erstwhile a malicious record is launched, users will recognize they person really executed malware connected their PC. 

The investigation squad said this web is being utilized to dispersed accusation stealers, including Rhadamanthys and Lumma. 

However, location is much to this web than conscionable fraudulent videos. The operators of nan scam are utilizing clone and compromised YouTube accounts not only to upload videos, but besides to station links and archive record passwords, and to interact pinch watchers -- posting affirmative feedback that makes nan cracks and tutorials look genuine and safe. 

For example, a compromised YouTube relationship pinch astir 129,000 subscribers posted a video touting a cracked type of Adobe Photoshop, which reached 291,000 views. 

Furthermore, fraudulent Google Ads campaigns person been driving postulation to these videos.

"This modular building allows nan cognition to standard quickly and past relationship bans, making takedowns much analyzable and continuous," Check Point said.

Is this nan only scam of its kind?

No. As a celebrated video hosting platform, YouTube has been abused since its inception to big videos that lead to malicious downloads.

Last year, nan researchers revealed a similar scam connected GitHub. Dubbed nan Stargazers Ghost Network, malicious links and malware packages were distributed via GitHub repositories, pinch clone accounts starring, forking, and subscribing to make them look genuine.  

Also: How Clickfix and AI are helping hackers break into your systems - astatine an alarming rate

In caller months, TikTok, different video hosting platform, has besides been abused for malicious purposes. Content is being posted that promises free package and hacks, on pinch instructions. However, successful this case, scammers are employing Clickfix techniques to dupe users into triggering malicious commands connected their ain devices. 

It takes nary much than a speedy Google hunt to find websites and videos offering crippled hacks, cheats, package cracks, and pirated package downloads -- each of which were themes recovered successful nan latest network's video content. 

How to enactment protected

Check Point has reported nan web to Google, and nan mostly of nan videos progressive successful nan web person been taken down.

However, nan disruption of this malware distribution web is only nan extremity of nan iceberg. These kinds of scams will ne'er spell away, and truthful it is up to america to steer clear of them. 

• Official sources: You should not download package from unofficial sources. While nan lure of free software, gaming cheats, and hacks whitethorn beryllium tempting, you ne'er really cognize what nan record you are installing will do to your strategy -- and let's not hide these practices are often illegal, too.
• Cybersecurity: If immoderate package package aliases installer requires you to disable your antivirus software, this is simply a awesome reddish flag. If you do, you are opening yourself up to information theft, malware, and perchance relationship compromise. 
• Stay suspicious: If thing looks excessively bully to beryllium true, it astir apt is. You should support a precocious level of skepticism earlier downloading immoderate caller package aliases apps. 
• Trust: As nan illustration supra highlights, moreover if a YouTube relationship has a ample number of subscribers, that doesn't mean nan contented it posts is safe. A precocious follower count doesn't guarantee safety, and moreover nan astir celebrated channels could beryllium taken complete by threat actors. This applies to organization posts, too.
• What to do next: If you person downloaded a record aft watching 1 of these videos and you fishy you person executed malware connected your system, you request to enactment fast. Generally speaking, nan first point you should do is trim yourself disconnected from nan internet, arsenic this whitethorn extremity your accusation from being extracted and transferred, and forestall malware from receiving instructions. Re-enable immoderate cybersecurity package you abnormal (if you can) and effort to tally a scan, though immoderate malware whitethorn forestall it. If nan record still exists, delete it. If you can't cleanable your PC yourself, you whitethorn request to return it to an IT specialist. Don't usage a instrumentality you deliberation whitethorn beryllium infected to entree immoderate of your accounts until it is clean, and don't link it to immoderate different devices.