Cybercriminals are reportedly targeting people interested in pirated and cracked software downloads by exploiting YouTube and Google search results. Researchers at Trend Micro have observed threat actors posing as “guides” providing legitimate software installation tutorials, whilst including malware in links to software downloads. The attackers often use trusted file hosting services to hide the source of their malware and make its detection and removal more challenging. The operation appears to resemble a campaign from approximately a year ago that spread Lumma Stealer malware via weaponized YouTube channels.

Sonatype reports rise in open source malware to 17,954
The 1Q 2025 Open Source Malware Index from Sonatype revealed that open source malware packages doubled compared to the same period last year, with 56%