Summary: The video discusses Microsoft’s recent acknowledgment of the presence of malicious content on GitHub, as reported by their threat intelligence group. It details a malvertising campaign that leveraged GitHub for payload delivery, impacting nearly one million devices since December 2024.
Key points:
- Microsoft admits GitHub occasionally hosts malicious content.
- A new malvertising campaign utilized GitHub as the main site for delivering payloads.
- The attack is estimated to have begun in December 2024, affecting almost one million devices.
- Attackers began with illegal streaming sites, using iframe redirects to direct users to GitHub repositories.
- Downloaded files would collect system information and send it as a Base64-encoded URL.
- Malicious activity varied; it could either download malware or exfiltrate data, based on the previously collected information.
- Microsoft has provided extensive remediation advice for affected Microsoft products.
- A link to Microsoft’s write-up on the attack is available for further review.
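A defender-side check for the behaviour described in the key points (system information sent Base64-encoded in a URL), as an added example that is not from the video or Microsoft's write-up: it scans proxy log lines for URL fields that decode to profile-like text. The log format, keyword list, host names and sample data are constructed assumptions.

```python
import base64, binascii, json
from urllib.parse import urlsplit, parse_qsl

# Assumed indicator words for host-profile data; tune for your environment.
SYSINFO_HINTS = ("memory", "gpu", "resolution", "hostname", "username", "os_version")
MIN_TOKEN_LEN = 24  # skip short values that decode as Base64 by coincidence

def try_b64(token):
    """Return decoded text if token is Base64 of printable UTF-8, else None."""
    if len(token) < MIN_TOKEN_LEN:
        return None
    # Undo '+' -> ' ' from query parsing and accept the URL-safe alphabet.
    std = token.replace(" ", "+").replace("-", "+").replace("_", "/")
    try:
        raw = base64.b64decode(std + "=" * (-len(std) % 4), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError):
        return None
    ok = all(c.isprintable() or c.isspace() for c in text)
    return text if ok else None

def flag_url(url):
    """Return (location, decoded) pairs for URL parts carrying profile-like text."""
    parts = urlsplit(url)
    fields = [("query:" + k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    fields += [("path", seg) for seg in parts.path.split("/") if seg]
    hits = []
    for where, value in fields:
        text = try_b64(value)
        if text and sum(h in text.lower() for h in SYSINFO_HINTS) >= 2:
            hits.append((where, text))
    return hits

def scan(log_lines):
    """Map each flagged URL in space-delimited proxy log lines to its hits."""
    urls = (tok for line in log_lines for tok in line.split() if tok.startswith("http"))
    return {u: h for u in urls if (h := flag_url(u))}

# Constructed sample data, not taken from the campaign.
SAMPLE_PROFILE = json.dumps({"os_version": "Windows 11", "memory_gb": 16,
                             "gpu": "ExampleGPU", "resolution": "1920x1080"})
SAMPLE_BLOB = base64.urlsafe_b64encode(SAMPLE_PROFILE.encode()).decode().rstrip("=")
CONSTRUCTED_LOG = [
    "2025-03-01T10:00:01Z 10.0.0.5 GET https://cdn.example.com/v?id=12345&s=0123456789abcdef0123456789abcdef 200",
    "2025-03-01T10:00:09Z 10.0.0.5 GET https://collector.example.net/c?d=" + SAMPLE_BLOB + " 200",
]

if __name__ == "__main__":
    for url, hits in scan(CONSTRUCTED_LOG).items():
        print(url, hits)
```

Requiring two keyword matches and a minimum token length keeps ordinary session identifiers, like the one in the first constructed log line, from being flagged.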
YouTube Video: https://www.youtube.com/watch?v=nbc6_a9IwjE
YouTube Channel: Hak5
Video Published: Mon, 17 Mar 2025 16:01:00 +0000