Illegal streaming sites are nothing new, but with rights holders cutting off their advertising revenue, they are now financing themselves in other ways... and not always harmlessly. Microsoft explains that these sites use long ad redirects, sometimes up to five levels deep, to send users to dangerous pages.
One million computers infected
The scheme is vicious: users are sent to GitHub, Discord, or Dropbox, where malware is discreetly hosted. Digitally signed with brand new certificates to fly under the radar, these files begin infecting the computer. At this stage, nothing is visible to the victim.
Once installed, the malware begins by collecting information about the machine: processor, RAM, graphics card, operating system... All this data is sent to a remote server. This is only the first step in a well-crafted plan.
The rest of the program is even more devious. A second wave of infections adds new malware to the victim's computer. These payloads are used to keep a door open on the PC even after restarting, run scripts that bypass Windows protections, and suck up personal data and passwords stored in browsers.
Microsoft identified well-known spyware in this attack, including Lumma Stealer, often used to trap gamers who like mods, and Doenerium, a Trojan horse specialized in stealing credentials. To ensure it remains active, the malware installs a JavaScript file in the Windows Startup folder. As a result, it automatically restarts every time a user logs in, without the user realizing it.
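A defender-side check for the Startup-folder persistence described above, as an added example that is not from Microsoft or the original article: this PowerShell audit lists script files, and shortcuts that launch a script host, in the all-users and per-user Startup folders. The extension list, the script-host names and the default `Users` profile location are assumptions.

```powershell
# Added example: audit Windows Startup folders for scripts that run at logon.
# Assumptions (not from the article): the extension list, the script-host list,
# and user profiles living under <SystemDrive>\Users.
$scriptExt   = '.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh', '.hta', '.ps1', '.bat', '.cmd'
$scriptHosts = 'wscript.exe', 'cscript.exe', 'mshta.exe', 'powershell.exe', 'pwsh.exe', 'cmd.exe'

# All-users Startup folder, plus the per-user Startup folder of every local profile.
$folders  = @([Environment]::GetFolderPath('CommonStartup'))
$folders += @(Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' })

$shell = New-Object -ComObject WScript.Shell   # used only to resolve .lnk targets

$findings = foreach ($folder in $folders) {
    if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue) {
        $ext    = $file.Extension.ToLowerInvariant()
        $target = $null
        $reason = $null

        if ($scriptExt -contains $ext) {
            $reason = "script file ($ext) runs at logon"
        }
        elseif ($ext -eq '.lnk') {
            # A shortcut can hide the script behind wscript.exe, mshta.exe, etc.
            $lnk    = $shell.CreateShortcut($file.FullName)
            $target = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            $exe    = [IO.Path]::GetFileName($lnk.TargetPath).ToLowerInvariant()
            $tgtExt = [IO.Path]::GetExtension($lnk.TargetPath).ToLowerInvariant()
            if ($scriptHosts -contains $exe -or $scriptExt -contains $tgtExt) {
                $reason = 'shortcut launches a script host or script'
            }
        }
        if (-not $reason) { continue }

        # Emit one record per finding, with the metadata needed for triage.
        [pscustomobject]@{
            Path      = $file.FullName
            Reason    = $reason
            Target    = $target
            Created   = $file.CreationTime
            Signature = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
            SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
}
$findings | Sort-Object Created -Descending | Format-List
```

Run it from an elevated prompt so other users' profiles are readable. A valid signature is not proof of safety here, since the files in this campaign were signed with newly issued certificates.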
To avoid this kind of unpleasant surprise, Microsoft recommends several simple but effective actions. First, have an up-to-date antivirus, such as Microsoft Defender, which now detects these threats. Then, activate protection against unwanted changes in Windows and the SmartScreen module to block suspicious sites.
A few good habits also help limit the risks:
- regularly update Windows and its software,
- avoid saving passwords directly in the browser,
- install an effective ad blocker,
- never download a file from a dubious source,
- browse on a virtual machine for risky sites.
Obviously, never going to a pirate streaming site remains the safest solution. But since this type of attack could also be used elsewhere, it is better to strengthen your cybersecurity on a daily basis. A good ad blocker and a little distrust are better than an infected PC.