Microsoft Uncovers GitHub Malvertising Campaign Infecting Million Global Devices
2 mins read

Microsoft Uncovers GitHub Malvertising Campaign Infecting Million Global Devices

blog.scshekhar.com0

Microsoft’s security team has uncovered a sophisticated malvertising operation that compromised nearly one million devices worldwide through GitHub repositories. The campaign, tracked as Storm-0408, leveraged illegal streaming sites and complex redirection chains to deploy information stealers and remote access tools to both consumer and enterprise devices.

Key Takeaways:

  • Massive scale attack impacting almost one million devices globally through malvertising
  • Attackers used GitHub repositories as primary payload hosting platforms
  • Campaign deployed multiple information stealers including Lumma and Doenerium
  • Attack chain involved sophisticated redirection through illegal streaming sites
  • Microsoft’s intervention led to the takedown of malicious GitHub repositories

Attack Chain and Delivery Method

The cybercriminals behind Storm-0408 created a complex attack chain starting with malvertising scripts injected into video streams on illegal streaming platforms. The infection process utilized a four to five-layer redirection chain through iframe elements, ultimately leading users to malicious GitHub repositories containing the initial payload.

Malware Arsenal and Deployment

The attack deployed multiple stages of sophisticated malware, including:

  • First-stage payload for system reconnaissance
  • Second-stage components for data collection
  • NetSupport RAT for remote access
  • Information stealers including Lumma and Doenerium

Evasion Techniques

The attackers implemented advanced evasion methods to avoid detection. These included geofencing controls and device fingerprinting to target specific users. The operation used AutoIT and PowerShell scripts for persistence, along with LOLBAS tools like PowerShell.exe, MSBuild.exe, and RegAsm.exe for command and control operations.

Impact and Response

The campaign’s reach extended across numerous organizations and industries, prompting immediate action from Microsoft’s security team. The rapid response included taking down the malicious GitHub repositories and implementing measures to protect affected systems.

Security Recommendations

To protect against similar threats, organizations should implement several critical security measures:

  • Strict policies against accessing pirated content
  • Implementation of system hardening protocols
  • Deployment of role-based access controls
  • Regular security awareness training
  • Enhanced endpoint protection solutions

Leave a Reply

Your email address will not be published. Required fields are marked *

I'm a self-taught web developer who enjoys creating websites and web applications that are both visually appealing and functional.
Website https://blog.scshekhar.com

Related Posts