Microsoft has uncovered a security breach that compromised passwords from almost one million computers through websites offering movie downloads

Phishing techniques and the methods used to plant malware on users' computers keep getting more sophisticated. Careful browsing and skepticism toward unexpected emails and text messages help, but anyone can eventually fall into a trap. That is why it pays to use a different, complex password for every account, to enable two-factor authentication, and to follow other common recommendations such as browsing through a VPN, bearing in mind that a VPN hides your traffic from the network but does nothing against malware served by a site you choose to visit.

One of the most recent cases was uncovered by Microsoft's threat intelligence team, which identified a large malicious advertising (malvertising) campaign that used GitHub repositories to distribute malware. The operation affected approximately one million devices, exposing them to information theft.

The campaign began on websites that stream movies and TV series without authorization, where malicious ads containing hidden redirects were embedded. The ads earned their operators money for every view or click through pay-per-view and pay-per-click advertising platforms, but revenue was not the main goal: the real purpose was to redirect visitors to malicious websites.

Affected users were sent through a chain of redirects, passing through one or two further malicious redirector sites before reaching the final page. That page sent the browser to a GitHub repository hosting the initial payload of the attack.

Once the victim reached GitHub, they unwittingly downloaded the first-stage payload, which ran code designed to drop two further payloads. The second-stage payload collected information about the infected device, including its memory size, graphics capabilities, screen resolution, operating system and user paths.

The third stage varied depending on the infected device, but typically involved contacting command-and-control (C2) servers. Through that channel the attackers could download further, more dangerous files, exfiltrate system information and apply techniques to evade security controls.

One of the campaign's primary goals was to steal credentials stored in web browsers. To get there, the attackers built a redirection chain of four to five layers that delivered the malware in stages and kept the infection going on compromised devices.
</gre_replace>
<gr_insert after="17" cat="add_content" lang="python" orig="One of the campaign">

The redirect chain described above leaves a distinctive footprint in web proxy logs: a burst of 3xx responses from one client, each pointing at the next hop, that ends in a file fetched from GitHub. The following script is an added example, not code from the article or from Microsoft's report; it reconstructs redirect chains from a handful of constructed log lines and flags chains of four or more hops that terminate on a GitHub host. The log format, the hostnames, the hop threshold and the list of payload hosts are all assumptions made for the example.

```python
"""Reconstruct HTTP redirect chains from proxy logs and flag long chains that
end in a download from GitHub, the pattern described in the article above.
Log format, hostnames and thresholds are assumptions for this example."""
import re
from urllib.parse import urlparse

# Constructed sample log lines (not real telemetry). Assumed format:
# <time> <client_ip> <method> <url> <status> [<Location header value>]
SAMPLE_LOG = """\
10:00:01 10.0.0.5 GET https://stream-movies.example/watch/123 200
10:00:02 10.0.0.5 GET https://ads-broker.example/click?id=9 302 https://redir1.example/go
10:00:02 10.0.0.5 GET https://redir1.example/go 302 https://redir2.example/x
10:00:03 10.0.0.5 GET https://redir2.example/x 302 https://landing.example/dl
10:00:03 10.0.0.5 GET https://landing.example/dl 302 https://github.com/acct/repo/releases/download/v1/setup.exe
10:00:04 10.0.0.5 GET https://github.com/acct/repo/releases/download/v1/setup.exe 200
10:05:00 10.0.0.7 GET https://news.example/ 200
10:05:01 10.0.0.7 GET https://short.example/abc 302 https://news.example/article
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"(?P<status>\d{3})(?: (?P<location>\S+))?$"
)

# Hosts from which the final payload is fetched (assumed list; the article only
# says "a GitHub repository").
PAYLOAD_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
MIN_HOPS = 4  # the article describes four to five layers of redirection


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["status"] = int(d["status"])
            entries.append(d)
    return entries


def build_chains(entries):
    """Return {client: [chain, ...]} where each chain is the list of URLs reached
    by following Location headers from a redirect that is not itself a target."""
    by_client = {}
    for e in entries:
        by_client.setdefault(e["client"], []).append(e)

    chains = {}
    for client, evs in by_client.items():
        # url -> Location for every 3xx response that carried a Location header
        nxt = {e["url"]: e["location"] for e in evs
               if 300 <= e["status"] < 400 and e["location"]}
        targets = set(nxt.values())
        for e in evs:
            url = e["url"]
            if url in nxt and url not in targets:  # chain head
                chain, seen = [url], {url}
                # follow Location links; the seen-set guards against redirect loops
                while chain[-1] in nxt and nxt[chain[-1]] not in seen:
                    chain.append(nxt[chain[-1]])
                    seen.add(chain[-1])
                chains.setdefault(client, []).append(chain)
    return chains


def is_suspicious(chain):
    """True when the chain has at least MIN_HOPS redirects and ends on a payload host."""
    hops = len(chain) - 1
    final_host = (urlparse(chain[-1]).hostname or "").lower()
    return hops >= MIN_HOPS and final_host in PAYLOAD_HOSTS


def flag(text):
    """Return (client, chain) pairs from the log text that match the pattern."""
    return [(client, chain)
            for client, chains in build_chains(parse_log(text)).items()
            for chain in chains if is_suspicious(chain)]


if __name__ == "__main__":
    for client, chain in flag(SAMPLE_LOG):
        print(client, "->", " -> ".join(urlparse(u).hostname for u in chain))
```

In the sample, client 10.0.0.5 produces a five-URL chain (four redirects) ending at github.com and is flagged, while the single short-link redirect from 10.0.0.7 is ignored. In a real deployment the hop threshold should be tuned against the organization's own baseline, since legitimate ad and link-shortener traffic also produces short chains, and a match should be confirmed by checking the Referer of the chain head against the pirate-streaming sites the campaign started from.
<test>
flagged = flag(SAMPLE_LOG)
assert len(flagged) == 1
assert flagged[0][0] == "10.0.0.5"
assert len(flagged[0][1]) == 5
assert flagged[0][1][0] == "https://ads-broker.example/click?id=9"
assert flagged[0][1][-1].startswith("https://github.com/")
assert is_suspicious(["https://a.example/x", "https://github.com/y"]) is False
assert len(parse_log(SAMPLE_LOG)) == 8
assert "10.0.0.7" in build_chains(parse_log(SAMPLE_LOG))
</test>
</gr_insert>
<gr_replace lines="19" cat="clarify" orig="Microsoft confirmed">
Microsoft confirmed that the GitHub repositories used to host the malware have since been removed. The company also published a detailed report on the scale of the compromise, together with indicators and other relevant data to help organizations detect and mitigate similar threats in the future.

Microsoft confirmed that the malware repositories used on GitHub have now been removed. Additionally, the company provided a detailed report on the level of compromised devices and other relevant data to help detect and mitigate similar threats in the future.
