Malware hidden in YouTube creators’ tutorials exposes users to data theft

New Delhi: Multiple YouTube channels have been found distributing malware under the guise of free software and game tutorials. The videos, which appear to offer cracked tools or cheats, are designed to lure viewers into downloading malicious files that compromise personal data, according to an India Today investigation.

The investigation found that several channels, including some run by Indian creators, encourage users to click on external links in video descriptions or pinned comments. These links often redirect to file-sharing sites such as MediaFire, Legacy Files, or Workupload, where users download password-protected rar or zip files. Once extracted, the bundled malware steals credentials, crypto-wallet data, and browser information.

A major red flag, according to the report, is that some creators explicitly instruct users to disable their antivirus protection before proceeding, a step that helps the malware bypass security defences.

One video titled “Free Download Adobe Premiere Pro” had already crossed 1.58 lakh views. India Today noted that these high-engagement videos allow malicious actors to “blend into YouTube’s creator community without arousing viewers’ suspicion.”

The pattern echoes earlier findings from Check Point Research’s YouTube Ghost Network report, which exposed large-scale malware distribution using fake and compromised YouTube accounts. India Today said its probe identified at least six more channels linked to similar activities.

Pinned comments and shortened URLs conceal mirror links that, when scanned on tools such as VirusTotal, trigger phishing warnings. India Today observed that “as cybercriminals go mainstream, even trusted platforms like YouTube are becoming malware minefields.”

The investigation highlights the growing challenge of regulating digital platforms where polished, legitimate-looking content can easily conceal security threats.