Apr 1, 2025, 12:00 AM

Malvertising campaign infects one million Windows devices through GitHub

Highlights
  • In December 2024, Microsoft discovered a malvertising campaign infecting Windows devices.
  • The campaign utilized GitHub, Discord, and Dropbox to distribute infostealer malware.
  • Microsoft recommends multi-factor authentication to mitigate such threats.
Story

In December 2024, Microsoft Threat Intelligence became aware of an extensive malvertising campaign that primarily targeted users of illegal streaming websites. The campaign redirected victims to GitHub repositories containing infostealer malware and proved highly effective, ultimately infecting approximately one million Windows devices. The malware was not limited to consumer devices; organizations using Windows systems also fell victim to this coordinated attack.

The attack used a multi-stage chain that allowed the malware to gain a foothold on the infected device. After the initial compromise, the malware deployed additional malicious files and scripts designed to collect system information and exfiltrate sensitive documents and data from the compromised devices. Redirectors routed traffic through various malicious websites along the way. Together, these techniques showed the attackers’ indiscriminate targeting and their ability to exploit common online platforms for distribution, especially GitHub, which was identified as the primary repository for the malware.

Microsoft’s report emphasized the need for enhanced security measures in light of the campaign. It advocated deploying multi-factor authentication (MFA) across all accounts where applicable, while acknowledging that some sophisticated attacks can bypass MFA through session cookie theft. Microsoft also recommended using phishing-resistant authentication methods, such as Microsoft Authenticator, and advised against relying solely on telephony-based MFA methods like SMS codes. To mitigate the risks posed by these attacks, users were encouraged to use web browsers that support Microsoft Defender SmartScreen, which adds a layer of protection when navigating the web.

The findings serve as a stark reminder of the evolving threats in the cyber landscape, particularly through popular platforms that, although prolific, present risks when used irresponsibly.
