Malicious Ads On Illegal Streaming Sites Infected 1 Million PCs, Microsoft Warns


Microsoft has shut down multiple GitHub repositories that were being used in a large-scale malvertising campaign affecting nearly one million devices worldwide.

In a Rush? Here are the Quick Facts!

  • Cybercriminals used malicious ads on illegal streaming sites to spread malware.
  • Malware stole personal data, compromised security, and allowed remote control of devices.
  • The campaign, called Storm-0408, used legitimate tools to blend with system operations.

The company discovered the attack in December 2024, when its threat intelligence team noticed malware being downloaded from GitHub onto users’ devices.

According to a Microsoft analysis, cybercriminals planted malicious ads inside videos on illegal streaming websites. These ads redirected unsuspecting users to GitHub, where malware was secretly downloaded onto their systems.

Once installed, the malware deployed additional harmful programs designed to steal personal information, compromise security, and allow attackers to maintain control over infected devices.

Microsoft’s analysis revealed that the campaign was highly organized, using multiple stages to spread malware. The first step involved luring users to GitHub, Discord, or Dropbox, where the malware was hosted.

Once downloaded, the malware collected data about the infected system, including memory size, operating system details, and user information. The attackers then used this data to deploy even more harmful programs, including information-stealing malware like Lumma Stealer and Doenerium.

In some cases, a remote monitoring tool called NetSupport was also installed, allowing attackers to control infected devices remotely. The campaign, tracked by Microsoft under the name Storm-0408, was designed to be difficult to detect. Attackers used legitimate tools like PowerShell and JavaScript to blend in with normal system operations.

They also implemented persistence techniques, such as modifying registry settings and adding startup shortcuts, to ensure that the malware remained on the infected devices even after a restart.
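As an added illustration, not code from the article or from Microsoft's report, the following read-only PowerShell snippet enumerates the auto-start locations the article describes (the Run/RunOnce registry keys and the per-user and all-users Startup folders) and flags entries that launch a script host with hidden or encoded arguments, the "legitimate tools" pattern mentioned above. The registry paths and folder names are standard Windows locations; the suspicious-argument pattern is an assumption for illustration and should be tuned to your environment.

```powershell
# Added example, not from the article or Microsoft's report.
# Read-only triage: list Run/RunOnce entries and Startup-folder shortcuts,
# then mark the ones whose command line looks like a hidden/encoded script launch.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Collect registry auto-start values, skipping PowerShell's own provider properties.
$findings = @(foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$') {
                [pscustomobject]@{
                    Source  = $key
                    Name    = $name
                    Command = [string]$props.$name
                }
            }
        }
    }
})

# Collect .lnk files from the per-user and all-users Startup folders and
# resolve what each shortcut actually launches.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$shell = New-Object -ComObject WScript.Shell

$findings += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        [pscustomobject]@{
            Source  = $_.FullName
            Name    = $_.Name
            Command = ($lnk.TargetPath + ' ' + $lnk.Arguments).Trim()
        }
    }
})

# Illustrative (assumed) pattern: a script host or interpreter started with
# encoded, hidden, or URL-bearing arguments. Adjust for your environment.
$suspiciousPattern = '(?i)(powershell|pwsh|wscript|cscript|mshta|regsvr32).*(-enc|-e |-w hidden|-windowstyle hidden|http)'

$findings |
    ForEach-Object {
        $_ | Add-Member -NotePropertyName Suspicious `
                        -NotePropertyValue ($_.Command -match $suspiciousPattern) `
                        -PassThru
    } |
    Sort-Object Suspicious -Descending |
    Format-Table Suspicious, Name, Command, Source -AutoSize -Wrap
```

Run it in an elevated session to read the HKLM keys; entries marked Suspicious are candidates for review, not a verdict, since legitimate software also uses these locations.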

Microsoft worked with GitHub’s security team to remove the malicious repositories, preventing further infections. However, the company warned that similar attacks could happen in the future. It urged users to be cautious when visiting illegal streaming sites and to keep their software and security protections updated.

Microsoft's blog post also provided technical details for cybersecurity professionals, including ways to detect signs of infection and prevent similar threats.

Microsoft emphasized the need for organizations to stay vigilant against evolving cyber threats, especially those leveraging trusted platforms like GitHub to spread malware.
