Cybersecurity researchers revealed two malware campaigns using cracked software and compromised YouTube accounts. CountLoader is a stealthy loader delivering various payloads, while GachiLoader deploys malware through obfuscated scripts on YouTube, demonstrating advanced evasion techniques.

Google has removed over 3,000 YouTube videos that were part of a malware distribution campaign known as the "YouTube Ghost Network," which used fake tutorials to lure viewers into downloading infostealers disguised as cracked software. The operation, which surged in 2025, involved compromised accounts that created a facade of legitimacy through engagement metrics like likes and comments. Check Point's research highlights the evolution of malware distribution tactics, emphasizing the potential dangers of seemingly trustworthy online content.