CyberSecurity news

Amar Ćemanović@CyberInsider //
Microsoft is warning of a large-scale malvertising campaign that began in early December 2024 and has impacted nearly one million devices worldwide. The attack originates from illegal streaming websites that use embedded malvertising redirectors. These redirectors lead users to GitHub, Discord, and Dropbox, where the initial access payloads are hosted. The primary goal of this campaign, tracked under the name Storm-0408, is to steal sensitive information from both consumer and enterprise devices, which highlights the indiscriminate nature of the attack.

The attackers used a multi-stage approach, with GitHub serving as the primary platform for delivering the initial malware. This malware then deploys additional malicious files and scripts designed to collect system information and exfiltrate documents and data. Microsoft has since taken down the malicious repositories in collaboration with the GitHub security team. The attack also employs a sophisticated redirection chain, with the initial redirector embedded within an iframe element on the illegal streaming websites.


References:
  • The Hacker News: Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
  • Microsoft Security Blog: Malvertising campaign leads to info stealers hosted on GitHub
  • CyberInsider: Microsoft has uncovered a large-scale malvertising campaign that compromised nearly one million devices worldwide, distributing information-stealing malware via GitHub. The attack, detected in early December 2024, originated from illegal streaming websites that redirected users through multiple malicious domains before delivering payloads hosted on GitHub, Dropbox, and Discord.
  • Hidden Dragon: Nearly 1 million Windows devices were targeted in recent months by a sophisticated "malvertising" campaign that surreptitiously stole login credentials, cryptocurrency, and other sensitive information from infected machines.
  • hackread.com: Microsoft Dismantles Malvertising Scam Using GitHub, Discord, Dropbox
  • www.techradar.com: Microsoft reveals over a million PCs hit by malvertising campaign
  • www.bleepingcomputer.com: Microsoft says malvertising campaign impacted 1 million PCs
  • Tech Monitor: Microsoft neutralises malvertising scheme that affected one million devices
  • Cyber Security News: Microsoft Warns That 1 Million Devices Are Infected by Malware from GitHub
  • gbhackers.com: 1 Million Devices Infected by Malware from GitHub
  • The Register - Security: Microsoft admits GitHub hosted malware that infected almost a million devices
  • securityonline.info: Microsoft Uncovers Massive Malvertising Campaign Distributing Info Stealers via GitHub
  • Virus Bulletin: Microsoft researchers detail their investigation of a large-scale malvertising campaign that impacted nearly one million devices globally in an opportunistic attack to steal information.
  • www.itpro.com: Microsoft has alerted users to a malvertising campaign leveraging GitHub to infect nearly 1 million devices around the world.
  • Security Risk Advisors: Malvertising Campaign Targets One Million Devices with Info Stealers Hosted on GitHub
  • Digital Information World: Microsoft Discovers Massive Malvertising Campaign Infecting Over 1 Million Devices
  • securityaffairs.com: Microsoft Threat Intelligence Center (MSTIC) observed a massive malvertising campaign leveraging GitHub to deliver malware.
  • www.csoonline.com: Almost 1 million business and home PCs compromised after users visited illegal streaming sites: Microsoft
  • The DefendOps Diaries: 🚩 Malvertising Campaign Targets One Million Devices with Info Stealers Hosted on GitHub
Classification:
  • HashTags: #Malvertising #InfoStealer #GitHub
  • Company: Microsoft
  • Target: Nearly one million devices globally
  • Attacker: Microsoft Threat Intelligence
  • Product: GitHub
  • Feature: malvertising
  • Malware: Storm-0408
  • Type: Malware
  • Severity: Major