Check Point Research uncovered a sophisticated malware distribution campaign operating on YouTube, dubbed the YouTube Ghost Network. This network utilizes over 3,000 malicious videos to spread malware, primarily targeting users seeking game cheats and pirated software. The operation involves compromised accounts with specific roles: video uploaders, community posters, and interaction simulators. The network has been active since 2021, with a significant increase in activity in 2025. It mainly distributes infostealer malware, with Lumma and Rhadamanthys being prevalent. The campaign employs various tactics to evade detection, including password-protected archives and frequent updates to payloads and C2 infrastructure. This research highlights the evolving nature of malware distribution methods and the need for enhanced cybersecurity measures.