Microsoft confirms the attack on millions of devices.
With hackers bypassing Windows Defender’s security protections, using your GPU to load malware, and new zero-day vulnerabilities confirmed for Microsoft users, the last thing you want to hear is that a million Windows devices have been infected in an infostealer attack. Yet here we are. Fortunately, however, Microsoft Threat Intelligence has caught the opportunistic hackers in the act and published a detailed report that explains exactly how it happened. Here’s what you need to know.
Inside the million-device infostealer attack
When it comes to threat research, Microsoft takes some beating, truth be told. If you ever want proof of this, look no further than an absolutely absorbing, if extremely technical, deep dive into a million-device infostealer attack. In the report, Microsoft security researchers provide an analysis of a truly huge malvertising campaign that used a multi-stage attack chain to deliver malware to a million Windows devices.
As I always say when it comes to stories like this, read the original report if you want all the technical details. It is well worth it, and there is a lot to cover in depth here. However, I will do my best to unravel the relevant information and present it for your reading pleasure and, I hope, to increase your threat awareness.
The story begins in December 2024, when Microsoft Threat Intelligence became aware of a malvertising campaign that used illegal streaming sites to redirect users, mainly to GitHub repositories hosting infostealer malware. The Discord and Dropbox platforms were also used to distribute malware, but Microsoft said GitHub was by far the most significant, so the report focused on it. The attack, Microsoft said, impacted “both consumer and business devices”, demonstrating the opportunistic and indiscriminate intent of the hackers.
The GitHub repositories to which victims were directed were used to host this malware as well as to deploy further malicious files and scripts. “Once the initial malware from GitHub gained a foothold on the device,” Microsoft explained, “the additional files deployed had a modular and multi-stage approach to payload delivery, execution, and persistence.”
These files appear to have been used to collect system information and then to facilitate scripts that exfiltrate documents and data from the infected device.
Users were redirected to GitHub through a series of redirects, Microsoft said; its analysis of the redirection chain determined that the attacks began on sites where people could watch pirated films. “These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website,” Microsoft warned, “such as a malware or tech support scam website, which then redirected to GitHub.”
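A defender looking for this pattern in their own telemetry would want to reconstruct redirect chains rather than alert on individual GitHub downloads. The script below is an added example written for this article, not code from Microsoft's report: it follows Referer links backwards through constructed proxy-style log lines and flags chains that pass through several distinct hosts before ending in a GitHub release download. The log format, the hostnames (`stream-site.test`, `ads-redirect-a.test`, and so on) and the three-host threshold are assumptions made for the example.

```python
"""Reconstruct HTTP redirect chains from proxy logs and flag multi-hop chains
that end in a file download from GitHub.

Added example for this article; not code from Microsoft's report. The log
format, hostnames and thresholds are constructed assumptions.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
ARCHIVE_SUFFIXES = (".zip", ".exe", ".msi", ".7z")
MIN_HOSTS = 3  # origin site + at least one redirector + the download host

# Constructed sample log: client timestamp status url referer ("-" = no Referer).
SAMPLE_LOG = """\
10.0.0.5 2024-12-10T10:00:01 200 http://stream-site.test/watch?id=42 -
10.0.0.5 2024-12-10T10:00:02 302 http://ads-redirect-a.test/click http://stream-site.test/watch?id=42
10.0.0.5 2024-12-10T10:00:03 302 http://ads-redirect-b.test/go http://ads-redirect-a.test/click
10.0.0.5 2024-12-10T10:00:04 200 http://fake-support.test/update http://ads-redirect-b.test/go
10.0.0.5 2024-12-10T10:00:05 200 https://github.com/example-org/example-repo/releases/download/v1/setup.zip http://fake-support.test/update
10.0.0.9 2024-12-10T10:01:00 200 https://github.com/example-org/tool -
10.0.0.9 2024-12-10T10:02:00 200 https://github.com/example-org/tool/releases/download/v2/tool.zip https://github.com/example-org/tool
10.0.0.7 2024-12-10T10:03:00 200 https://github.com/example-org/other/releases/download/v3/other.zip -
"""


@dataclass
class Request:
    client: str
    ts: str
    status: int
    url: str
    referer: str


def parse_log(text):
    """Parse the five whitespace-separated fields of each constructed log line."""
    requests = []
    for line in text.splitlines():
        if not line.strip():
            continue
        client, ts, status, url, referer = line.split()
        requests.append(Request(client, ts, int(status), url, referer))
    return requests


def host(url):
    return urlparse(url).hostname or ""


def is_github_download(url):
    """True for a GitHub release asset, a raw-content URL, or an archive on GitHub."""
    p = urlparse(url)
    h = p.hostname or ""
    if h not in GITHUB_HOSTS:
        return False
    return ("/releases/download/" in p.path
            or h == "raw.githubusercontent.com"
            or p.path.lower().endswith(ARCHIVE_SUFFIXES))


def reconstruct_chains(requests, min_hosts=MIN_HOSTS, max_depth=20):
    """Return (client, chain) pairs for GitHub downloads reached via a
    multi-host redirect chain that did not start on GitHub."""
    # Per client, map each requested URL to the Referer that led to it.
    by_client = {}
    for r in requests:
        by_client.setdefault(r.client, {})[r.url] = r.referer

    flagged = []
    for r in requests:
        if not is_github_download(r.url):
            continue
        chain = [r.url]
        prev = r.referer
        # Walk the Referer links backwards; stop on missing data, cycles or depth.
        while prev != "-" and prev not in chain and len(chain) < max_depth:
            chain.append(prev)
            prev = by_client[r.client].get(prev, "-")
        chain.reverse()  # origin first, download last
        distinct_hosts = []
        for u in chain:
            if host(u) not in distinct_hosts:
                distinct_hosts.append(host(u))
        if len(distinct_hosts) >= min_hosts and host(chain[0]) not in GITHUB_HOSTS:
            flagged.append((r.client, chain))
    return flagged


if __name__ == "__main__":
    for client, chain in reconstruct_chains(parse_log(SAMPLE_LOG)):
        print(f"{client}: " + " -> ".join(host(u) for u in chain))
```

Only the first client is flagged: its download is reached through five distinct hosts starting from a streaming site, whereas the second client navigated from a GitHub repository page directly to its release and the third arrived with no Referer at all. In real logs the Referer header is often stripped or absent, so this reconstruction is a triage aid rather than a complete record; pairing it with the browser's own SmartScreen verdicts gives better coverage.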
I have reached out to Discord, Dropbox and GitHub for a statement.
Mitigating the Microsoft infostealer threat
To mitigate the infostealer malware threat described in the Threat Intelligence report, Microsoft advises using multifactor authentication on all accounts wherever possible. While acknowledging that some attacks, such as adversary-in-the-middle threats, can bypass MFA through session token theft, “enforcing MFA remains a core pillar of identity security and is extremely effective at stopping a variety of threats.” Microsoft has also recommended phishing-resistant authentication methods, such as Microsoft Authenticator with a passkey, and avoiding telephony-based MFA methods such as SMS codes, along with using Microsoft Edge or another web browser that supports Microsoft Defender SmartScreen.