Nearly 1 million Windows devices targeted in advanced “malvertising” spree

Estimated reading time: 1 minutes

Chain of events
About The Author

Nearly 1 million Windows devices were targeted in recent months by a sophisticated “malvertising” campaign that surreptitiously stole login credentials, cryptocurrency, and other sensitive information from infected machines, Microsoft said.

The campaign began in December, when the attackers, who remain unknown, seeded websites with links that downloaded ads from malicious servers. The links led targeted machines through several intermediary sites until finally arriving at repositories on Microsoft-owned GitHub, which hosted a raft of malicious files.

Chain of events

The malware was loaded in four stages, each of which acted as a building block for the next. Early stages collected device information, presumably to tailor configurations for the later ones. Later ones disabled malware detection apps and connected to command-and-control servers; affected devices remained infected even after being rebooted.

Read full article

Comments