Microsoft Says One Million Devices Impacted by Infostealer Campaign

1 month ago
March 7, 2025
1 reply
10 views

+54

Jasper_The_Rasper
Moderator
11631 replies

Microsoft has uncovered a malvertising campaign that redirected users to information stealers hosted on GitHub.

March 7, 2025 By Ionut Arghire

Newly one million devices have been impacted by a malvertising campaign redirecting users to information stealer malware hosted on GitHub, Microsoft reports.

The campaign, attributed to a threat actor tracked as Storm-0408, targeted the visitors of illegal streaming websites, where malvertising redirectors led to an intermediate site and then to the Microsoft-owned code hosting platform.

The opportunistic attacks, which mainly relied on GitHub to host malware, but also on Discord and Dropbox, impacted “a wide range of organizations and industries, including both consumer and enterprise devices”, Microsoft says.

The multi-layers infection chain observed in these attacks included the GitHub-hosted first-stage payload acting as a dropper, second-stage files for system discovery and system information theft, and third-stage payloads for additional malicious activities.

>>Full Article<<

+63

TripleHelix
Moderator
9178 replies
1 month ago
March 8, 2025

Nearly 1 million Windows devices targeted in advanced “malvertising” spree

Malware stole login credentials, cryptocurrency, and more from infected machines.

Mar 7, 2025 3:23 p.m

Nearly 1 million Windows devices were targeted in recent months by a sophisticated "malvertising" campaign that surreptitiously stole login credentials, cryptocurrency, and other sensitive information from infected machines, Microsoft said.

The campaign began in December, when the attackers, who remain unknown, seeded websites with links that downloaded ads from malicious servers. The links led targeted machines through several intermediary sites until finally arriving at repositories on Microsoft-owned GitHub, which hosted a raft of malicious files.

Chain of events

The malware was loaded in four stages, each of which acted as a building block for the next. Early stages collected device information, presumably to tailor configurations for the later ones. Later ones disabled malware detection apps and connected to command-and-control servers; affected devices remained infected even after being rebooted.

“Depending on the second-stage payload, either one or multiple executables are dropped onto the compromised device, and sometimes an accompanying encoded PowerShell script,” Microsoft researchers wrote Thursday. “These files initiate a chain of events that conduct command execution, payload delivery, defensive evasion, persistence, C2 communications, and data exfiltration.”

Full Article

Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯

Microsoft has uncovered a malvertising campaign that redirected users to information stealers hosted on GitHub.

Nearly 1 million Windows devices targeted in advanced “malvertising” spree

Chain of events

Reply

Related Topics

Adobe Security Bulletin: 14 May 2024

Adobe Security Bulletins and Advisories November 12, 2024

Adobe Security Bulletin: 08 Oct 2024

Adobe Security Bulletin: 11 June 2024

Adobe Calls Attention to Massive Batch of Code Execution Flaws

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded