A sophisticated new YouTube Discord malware campaign is making waves in the cybersecurity world. Threat actors are now leveraging the combined power of YouTube and Discord to distribute info-stealing malware that can compromise everything from browser passwords to cryptocurrency wallets.
The malware campaign, uncovered by researchers at Netskope, relies on a clever strategy: hijack legitimate YouTube channels, upload videos with enticing software offers, and drop malicious links via Discord’s content delivery network (CDN).
This latest info-stealer attack unfolds in multiple stages:
Compromised YouTube Channels
Hackers gain control of popular or aged YouTube channels and publish videos advertising free or cracked versions of high-demand software such as Adobe products, AI tools, or even Windows activation hacks.
Discord as a Hosting Tool
These YouTube videos then include links to download the fake tools. But the actual malicious files are hosted on Discord’s CDN, which is a clever move that bypasses many traditional URL filters and firewalls.
Payload Deployment
Once downloaded, the supposed “software” silently installs malware such as RedLine, RisePro, or Lumma Stealer on the user’s system. These info-stealers immediately begin harvesting data including saved passwords, system info, browser cookies, credit card data, and crypto wallet keys.
Security firm Netskope confirmed that many of these malware variants use dynamic link libraries (DLLs) to disguise their presence and evade detection. Even worse, since these files are often compressed using password-protected ZIPs, antivirus solutions are less likely to flag them.
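A defender-side triage check for the delivery chain described above, added here as an example and not taken from Netskope or the original article: it flags files fetched from Discord's CDN and ZIPs whose entries are marked encrypted, which scanners cannot open. The hostnames, function names and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile
from urllib.parse import urlparse

# Assumption: Discord attachment hosts; adjust to what your proxy actually logs.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}


def encrypted_members(data: bytes) -> list[str]:
    """Names of ZIP members whose general-purpose flag bit 0 (encrypted) is set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]


def triage(url: str, data: bytes) -> list[str]:
    """Return reasons a downloaded file deserves manual review (empty = none)."""
    reasons = []
    host = (urlparse(url).hostname or "").lower()
    if host in DISCORD_CDN_HOSTS:
        reasons.append("hosted on Discord CDN")
    if zipfile.is_zipfile(io.BytesIO(data)):
        locked = encrypted_members(data)
        if locked:
            reasons.append(f"password-protected ZIP: {len(locked)} unscannable member(s)")
    return reasons


def _constructed_sample(encrypted: bool) -> bytes:
    """Build a harmless ZIP in memory; optionally set the 'encrypted' flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.txt", "constructed test data")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits 6 bytes into a local header, 8 bytes into a central one.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig)
            flags, = struct.unpack_from("<H", raw, pos + off)
            struct.pack_into("<H", raw, pos + off, flags | 0x1)
    return bytes(raw)


if __name__ == "__main__":
    # Constructed URL and archive, not real indicators.
    print(triage("https://cdn.discordapp.com/attachments/1/2/tool.zip",
                 _constructed_sample(encrypted=True)))
```

The encrypted flag is readable without the password, so a mail or web gateway can route such archives to quarantine or manual review instead of passing them unscanned.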
The YouTube Discord malware campaign is especially dangerous because it uses trusted platforms to reach users. By exploiting Discord’s CDN and the credibility of aged YouTube channels, attackers are effectively bypassing user skepticism.
This is not the first time Discord has been abused for malware distribution. But combining it with YouTube’s far-reaching influence introduces a new level of scalability and deception. With info-stealer malware on the rise in 2025, users are being urged to avoid downloading software from non-official sources and to treat Discord-hosted files with extreme caution.
If you frequently watch software tutorial videos or hang out in gaming communities, it is time to double-check your downloads. Behind that tempting AI tool link might be stealthy malware ready to raid your digital life.