- Microsoft says it discovered a large malvertising campaign
- The objective was to deploy infostealers as widely as possible
- The company has taken down an undisclosed number of GitHub repositories in response
More than a million PCs have been infected with infostealers through a massive malvertising campaign, new research from Microsoft security researchers has revealed.
The campaign begins on illegal streaming sites where people watch pirated content. Cybercriminals injected advertisements into these videos that sent visitors through a chain of redirects before landing them on one of many GitHub repositories under the attackers' control.
There, victims would download the first-stage payload, which performed system discovery and collected system information (operating system data, screen resolution, memory size, etc.), exfiltrated it to a server under the attackers' control, and then deployed the second-stage payload.
Infostealers in action
The second-stage payload depends on the compromised device. In some cases it is the NetSupport remote access trojan (RAT), followed by the Lumma Stealer or Doenerium infostealer. This malware can steal people's login credentials, cryptocurrency information, bank details, and more. In other cases, the malware downloads an executable file that runs a CMD script and drops a renamed AutoIt interpreter with a .com extension.
AutoIt then performs a few additional steps that ultimately lead to the same result: the exfiltration of sensitive files from the target system.
In most cases the payloads were hosted on GitHub, and Microsoft said it had taken down an undisclosed number of repositories. However, malware was also hosted on Dropbox and Discord. Microsoft did not attribute the campaign to a particular threat actor and said victims were found across a wide range of industries.
“This activity is tracked under the umbrella name Storm-0408, which we use to track numerous threat actors associated with remote access or information-stealing malware and who use phishing, search engine optimization (SEO), or malvertising campaigns to distribute malicious payloads,” Microsoft said.
“The campaign impacted a wide range of organizations and industries, including both consumer and enterprise devices, highlighting the indiscriminate nature of the attack.”
Via BleepingComputer