Microsoft has removed various GitHub repositories linked to a significant malvertising campaign that impacted almost one million devices. Discovered in December 2024, this campaign involved injecting malicious ads into videos on unauthorized streaming sites, misleading users to these repositories where they inadvertently downloaded malware. This malware collected sensitive system information, and subsequently installed remote access trojans and data thieves. The situation highlights the need for vigilance regarding malvertising techniques that exploit popular platforms like GitHub.
Microsoft has taken offline an unknown number of GitHub repositories that were used in a large-scale malvertising campaign, affecting nearly one million devices worldwide.
The attackers injected ads into videos on illegal streaming websites, which redirected potential victims to malicious GitHub repositories.
Collection
[
|
...
]