Back to blog

Youtube Starts Taking Down Android Malware Demos


3 min read
Youtube Starts Taking Down Android Malware Demos

I woke up today to Google’s announcement of the Alphabet project but went to sleep to Youtube’s notification that one of my most watched videos (and the only one on my channel that made it to Neil Rubenking’s Security Watch column on PC Magazine) has been removed for ‘spam, scams, and commercially deceptive content’.

Out of those 11,000 viewers, two users have reported it as potentially harmful and it was enough for the Youtube review team to delist my video.

I’m talking about the AndroRAT demonstration video, a piece of content that has been so severely abused by the community that I eventually stopped sending takedown notices to Youtube & co. There are still a couple of accounts that still have a ripped off version of my original video.

One of the first things I did was dispute the accusation in good faith, knowing that I have not infringed over anybody’s work, nor was I misleading potential viewers. Initially, I thought that the red flag might have been triggered by the fact that the video demonstrated how malware works, but hey, I have plenty of videos documenting this behaviour on the same Youtube account.

It must be something related to Android, and this upset the Youtube team. Because Youtube and Android are all owned by the same entity: Google, now turned Alphabet. Shortly thereafter, I received a notification reading that the ban still stands.

So, why is this happening?

For years, Google has attempted to downplay the impact of malware on the Android platform. Google’s Open Source program manager Chris DiBona himself took a swing at the anti-malware industry, calling them charlatans for pointing out issues with Android. Then the rest followed: papers pointing out that “LESS THAN 0.001% OF ALL APP INSTALLATIONS LEAD TO HARMFUL EFFECTS TO THE USER”.

But this is not what we’re seeing internally. AndroRAT, for instance, which actually was the object of the “infringing” video itself, was installed, in one year alone, on over 50,000 devices. And I’m not talking about Android systems in third-world countries, because our telemetry shows that these infections thrive all over the world, from US and Canada to France and Germany.

But the AndroRAT video is here to stay. I have moved all the contents of my Youtube channel on Vimeo. If you need it, here is the video:

A short video demonstrating the capabilities of AndroRAT - an open-source Android Trojan that acts as a device backdoor. For more information, please visit