Massive Malware Attack Infects 1 Million Devices via GitHub - Stay Safe!
Microsoft has uncovered a large-scale malware attack, named Storm-0408, that infected nearly one million devices worldwide. The attackers used malvertising on illegal streaming sites to spread malware hosted on GitHub, Discord, and Dropbox. The malware stole personal data, browser credentials, and even disabled security protections.
- Malvertising Trick: Users watching pirated videos were unknowingly redirected to malicious websites.
- GitHub Exploited: Attackers hosted and delivered malware from GitHub repositories.
- Multi-Stage Attack: The malware collected system details, installed stealers like Lumma and Doenerium, and used PowerShell scripts to disable security.
- Browser Data Theft: Chrome, Edge, and Firefox credentials were stolen, putting victims at risk.
- Microsoft's Response: The infected GitHub repositories were removed, and security guidelines were issued.
This attack shows the dangers of pirated websites and the growing use of malvertising to spread malware. Users should avoid illegal streaming sites, keep security software updated, and enable multi-factor authentication (MFA) to stay protected. Cybercriminals continue to find new ways to spread malware, making online vigilance more important than ever.
Comment(s)
