Summary: Microsoft has reported a large-scale malvertising campaign that has affected over one million devices worldwide, targeting both consumer and enterprise systems to steal sensitive information. The attack, part of a broader effort called Storm-0408, utilized illegal streaming sites and platforms like GitHub, Discord, and Dropbox to deliver malware. The sophisticated multi-stage attack involved multiple layers of redirection and various scripts for data theft and system reconnaissance.
Affected: Organizations and individuals utilizing consumer and enterprise devices globally
Key points:
- Campaign estimated to impact over one million devices, originating from illegal streaming websites.
- Utilized GitHub and other platforms to host and deliver malware payloads like Lumma Stealer and Doenerium.
- Employed a multi-stage infection process with several layers of redirection and data exfiltration techniques.
- PowerShell scripts were used to identify security software and potential cryptocurrency wallets for targeted financial data theft.
- Associated threats include decoy sites promoting fake AI chatbots to trick users into installing malware.
Source: https://thehackernews.com/2025/03/microsoft-warns-of-malvertising.html