Friday, March 7, 2025

Microsoft Spots ‘Malvertising Campaign’ Targeting User and Enterprise Devices

Software giant Microsoft just shared alarming news about a malvertising campaign that attacked both user and enterprise devices.

The tech giant shared how two different websites were offering pirated means for video streaming that would redirect the users to malware, using ads. The number of users impacted was outlined to be in the thousands.


The dangerous advertising campaign affected up to a million devices around the globe, in what was described as an opportunistic attack to steal data, the head of Microsoft’s safety division mentioned in its latest report.

The firm was also able to trace infections to two different video stream domains and how ads were redirecting people to scam sites showing tech support. This would forward the users to other pages like Dropbox, GitHub, and Discord that were seen hosting this malware.

The company did not go into detail about what such scam pages looked like, but they were motivating people to install programs that were looting the system and disguised as malware. These programs could obtain user data or even take over victims' phones or computers, the report shared.

The attack also made efforts to disguise how malicious it was by utilizing signed software certificates when delivering some real files via the starting payload. The first stage of this campaign was outlined to be the middle of January this year. The files were digitally signed and featured newly designed certificates. A total of 12 such certificates were outlined, all of which were revoked.

Such attacks were created to deliver another stage of payload that can collect data from the PC and send it back to a server belonging to the hacker. It would also have the ability to download more malware onto a device, enabling hackers to spy on various browsing actions and even communication with active browsers such as Chrome, Edge, and Firefox.

The tech giant also mentioned how they saw the attack first unfold starting early December. The campaign reportedly affected a wide number of companies and industries, alongside user devices. This highlighted different attacks, it shared.

GitHub, which is owned by Microsoft, seems to have now deleted the pages hosting the malicious campaign. As per Microsoft, its built-in Defender for Windows can highlight and flag the malware used in the attacks.

by Dr. Hura Anwar via Digital Information World
