
Almost a million PCs affected by a data leak: Microsoft uncovers a global attack


Microsoft has revealed a "large-scale malicious campaign". Detected last December, the operation has "affected nearly a million devices worldwide", the American company explains in a report published on its website. This malvertising campaign aims to steal personal data from Internet users.

First, the cybercriminals place fraudulent advertisements on "illegal streaming websites" that let visitors watch movies and series for free. The ad videos are designed to redirect visitors to GitHub, the collaborative software development platform, or to Dropbox or Discord.

In practice, the attackers mostly used GitHub repositories. Microsoft says: "These redirects first routed traffic through one or two additional malicious servers before directing it to a malicious website, such as a malware distribution page or a tech support scam, which then redirected to GitHub." In other words, the full redirect chain was four to five layers deep.
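The multi-hop pattern described above (streaming site, one or two intermediate servers, a scam or distribution page, then GitHub) is something a defender can look for in proxy logs. The script below is an added example, not Microsoft's tooling or anything from its report: it reconstructs per-client redirect chains from a simplified, hypothetical proxy export and flags chains of four or more hops that end on a GitHub host. The log lines and domains are constructed for the demo; the minimum hop count is taken from the "four to five layers" figure in the text, and the GitHub host list is an assumption.

```python
"""Reconstruct HTTP redirect chains from proxy logs and flag long chains
that land on GitHub. Example code written for this article, not Microsoft's
own tooling; log format, domains and thresholds are constructed/assumed."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Hypothetical simplified proxy export: time client status url -> location ('-' if none).
LINE_RE = re.compile(r"^(\S+) (\S+) (\d{3}) (\S+) -> (\S+)$")

# Assumed set of hosts that serve GitHub-hosted files (not from the article).
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}

MIN_HOPS = 4  # the article reports chains four to five layers deep

# Constructed sample log: one malvertising-style chain and one benign single redirect.
SAMPLE_LOG = """\
2024-12-03T10:00:01Z 10.0.0.5 302 http://free-stream.example/watch?id=9 -> http://ads-hop1.example/r
2024-12-03T10:00:01Z 10.0.0.5 302 http://ads-hop1.example/r -> http://ads-hop2.example/go
2024-12-03T10:00:02Z 10.0.0.5 302 http://ads-hop2.example/go -> http://scam-landing.example/support
2024-12-03T10:00:02Z 10.0.0.5 302 http://scam-landing.example/support -> https://github.com/acct-x/repo-y/releases/download/v1/setup.exe
2024-12-03T10:00:03Z 10.0.0.5 200 https://github.com/acct-x/repo-y/releases/download/v1/setup.exe -> -
2024-12-03T10:05:00Z 10.0.0.7 302 http://news.example/article -> https://github.com/org/project
2024-12-03T10:05:00Z 10.0.0.7 200 https://github.com/org/project -> -
"""


def parse_log(text):
    """Yield (client, status, url, target); target is None when no Location was logged."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort
        _ts, client, status, url, target = m.groups()
        yield client, int(status), url, (None if target == "-" else target)


def build_chains(text):
    """Per client, follow 3xx Location hops starting from URLs nothing redirected to."""
    nxt = defaultdict(dict)  # client -> {url: redirect target}
    for client, status, url, target in parse_log(text):
        if 300 <= status < 400 and target:
            nxt[client][url] = target
    chains = []
    for client, edges in nxt.items():
        targets = set(edges.values())
        for start in edges:
            if start in targets:
                continue  # not a chain head
            chain, seen = [start], {start}
            # 'seen' guards against redirect loops in the log
            while chain[-1] in edges and edges[chain[-1]] not in seen:
                chain.append(edges[chain[-1]])
                seen.add(chain[-1])
            chains.append((client, chain))
    return chains


def flag_chains(text, min_hops=MIN_HOPS):
    """Return chains with at least min_hops redirects whose final landing is a GitHub host."""
    flagged = []
    for client, chain in build_chains(text):
        hops = len(chain) - 1
        final_host = (urlparse(chain[-1]).hostname or "").lower()
        if hops >= min_hops and final_host in GITHUB_HOSTS:
            flagged.append({"client": client, "hops": hops,
                            "start": chain[0], "final": chain[-1]})
    return flagged


if __name__ == "__main__":
    for hit in flag_chains(SAMPLE_LOG):
        print(f"{hit['client']}: {hit['hops']} hops {hit['start']} -> {hit['final']}")
```

On the constructed log the first client's five-URL chain (four hops ending in a GitHub release download) is flagged, while the second client's single redirect to a GitHub project page is not. The hop threshold is a tuning knob: legitimate ad networks also chain redirects, so in production the landing-page host and the file type of the final URL are stronger signals than hop count alone.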

Personal data theft

Those repositories host the first-stage malware. Once run on the victim's computer, it quickly downloads and installs further malicious programs. It also collects system information from the machine, such as memory size, graphics hardware, screen resolution, operating system version and various user directory paths.

All of this data is exfiltrated to remote servers controlled by the attackers. The malware then deploys a range of further payloads, opening the door to all kinds of abuse. Microsoft notably identified Lumma and Doenerium, two information-stealing malware families, which go on to take other data from the device, such as files and browser cookies.

An indiscriminate cyberattack

Microsoft describes a very large-scale cyberattack with no specific target or objective. The campaign "affected a wide range of organizations and sectors, targeting both consumer and enterprise devices, illustrating the indiscriminate nature of the attack".

During its investigation, the American company was unable to attribute the campaign to a known group; it tracks the threat actor behind it under the placeholder name Storm-0408. To protect Internet users, Microsoft reports that all GitHub repositories involved in the attack have been taken down.

Source: Microsoft
