Summary: Microsoft has taken down multiple GitHub repositories linked to a significant malvertising campaign that compromised nearly one million devices globally. The campaign involved attackers inserting ads into pirated streaming videos, which redirected users to malicious GitHub repos, leading to the deployment of various malware payloads. This intricate attack chain includes the use of remote access trojans and information stealers, demonstrating the widespread impact on both consumer and enterprise devices.
Affected: Microsoft, GitHub, various organizations and industries
Keypoints :
- Campaign detected in early December 2024 involved multiple devices downloading malware from GitHub.
- Attackers redirected users from malicious ads in pirated streaming videos to infection vectors on GitHub.
- Final payloads included remote access trojans and information stealers, with additional payloads hosted on Dropbox and Discord.
- Impact spanned across a wide range of organizations, underlining the indiscriminate nature of the attack.