
Microsoft Warns: 1 Million Devices Infected by Malware from GitHub

In a recent alert, Microsoft revealed a large-scale malvertising campaign that has compromised nearly one million devices worldwide.

This campaign, which began in early December 2024, leverages malicious redirects from illegal streaming websites to deliver malware hosted on platforms like GitHub.

The attack is notable for its indiscriminate targeting, affecting both consumer and enterprise devices across various industries.

Malvertising Campaign Details

The campaign starts with malvertising redirectors embedded in iframes on pirated video streaming sites.

These redirectors lead users through multiple layers of malicious websites before ultimately landing on GitHub, where the initial malware payloads are hosted.

[Figure: Redirection chain from pirate streaming website to malware files on GitHub]

The malware, often disguised as legitimate files, establishes a foothold on the device and acts as a dropper for subsequent payloads.

These additional payloads include information stealers like Lumma and Doenerium, which collect system and browser data.

In some cases, the NetSupport remote monitoring and management (RMM) software is also deployed, allowing for further control over compromised devices.

The attack chain involves multiple stages, each designed to evade detection and persist on the system.

The malware uses living-off-the-land binaries and scripts (LOLBAS) such as PowerShell and AutoIt to execute malicious scripts, exfiltrate data, and establish command and control (C2) communications.

The use of legitimate tools like RegAsm.exe and MSBuild.exe for malicious purposes complicates detection efforts.

The attackers also employ techniques like registry modification and scheduled task creation to ensure persistence.
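As an added illustration of how a defender might hunt for the activity described above (written for this page, not Microsoft's or GitHub's detections), the following Python rule flags RegAsm.exe or MSBuild.exe launched from a script host, plus scheduled-task or Run-key persistence from the same hosts, over constructed process-creation events. The event fields and sample paths are assumptions.

```python
# Added example (not Microsoft's or GitHub's code): a hunt rule over constructed
# process-creation events, matching the LOLBAS abuse and persistence mechanisms
# the article names. Field names and sample paths are assumptions.
from dataclasses import dataclass

LOLBAS = {"regasm.exe", "msbuild.exe"}            # legitimate binaries abused per the article
SCRIPT_HOSTS = {"powershell.exe", "autoit3.exe"}  # script hosts that launch the stages
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

@dataclass
class ProcEvent:
    host: str      # endpoint name
    parent: str    # parent process image path
    image: str     # created process image path
    cmdline: str   # full command line

def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def classify(ev: ProcEvent) -> list[str]:
    """Return the names of every rule this event matches (empty means benign)."""
    img, parent, cmd = basename(ev.image), basename(ev.parent), ev.cmdline.lower()
    hits = []
    if parent in SCRIPT_HOSTS:
        if img in LOLBAS:                                      # RegAsm/MSBuild from a script host
            hits.append("lolbas_from_script_host")
        if img == "schtasks.exe" and "/create" in cmd:         # scheduled-task persistence
            hits.append("schtasks_persistence")
        if img == "reg.exe" and "currentversion\\run" in cmd:  # Run-key persistence
            hits.append("runkey_persistence")
    return hits

def hunt(events: list[ProcEvent]) -> list[tuple[str, str, str]]:
    """(host, process, rule) for every match, in telemetry order."""
    return [(ev.host, basename(ev.image), h) for ev in events for h in classify(ev)]

# Constructed sample telemetry, not real logs.
SAMPLE = [
    ProcEvent("ws1", PS, r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
              r"MSBuild.exe C:\Users\u\AppData\Local\Temp\proj.xml"),
    ProcEvent("ws1", r"C:\Users\u\AppData\Local\Temp\AutoIt3.exe",
              r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", "RegAsm.exe"),
    ProcEvent("ws2", PS, r"C:\Windows\System32\schtasks.exe",
              r"schtasks.exe /create /tn Updater /sc onlogon /tr C:\Users\u\AppData\Roaming\upd.exe"),
    ProcEvent("ws2", PS, r"C:\Windows\System32\reg.exe",
              r"reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v upd /d C:\Users\u\upd.exe"),
    # Benign control: MSBuild.exe launched by Visual Studio during a normal build.
    ProcEvent("dev1", r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe",
              r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
              "MSBuild.exe app.csproj"),
]
```

Running `hunt(SAMPLE)` yields four matches on ws1 and ws2 and none for the developer workstation, which is the distinction a parent-process condition buys over matching on the binary name alone.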

Mitigation and Response

Microsoft recommends several measures to mitigate this threat.

Users should enable tamper protection and network protection in Microsoft Defender for Endpoint and ensure that endpoint detection and response (EDR) is running in block mode.

Additionally, implementing multifactor authentication (MFA) and using phishing-resistant authentication methods can help prevent similar attacks.

Microsoft also advises users to avoid illegal streaming sites and to be cautious of suspicious redirects.

The GitHub security team collaborated with Microsoft to take down the malicious repositories involved in the campaign.

Microsoft’s security tools, including Microsoft Defender XDR, can detect and respond to this threat by identifying suspicious activity and blocking malicious artifacts.

Users are encouraged to stay vigilant and implement robust security measures to protect against evolving threats.


Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
