Massive Malvertising Campaign Hits Nearly 1 Million Windows Devices
Microsoft uncovers a global malware operation exploiting illegal streaming sites to steal sensitive data and deploy remote access tools.
- The campaign targeted nearly 1 million devices globally, affecting both consumers and enterprises in various industries.
- Attackers used malvertising on illegal streaming sites, such as movies7.net and 0123movie.art, to redirect victims to malicious GitHub repositories.
- Malware deployed in the multi-stage attack exfiltrated browser credentials, system information, and cryptocurrency wallet data, among other sensitive files.
- The operation utilized platforms like GitHub, Discord, and Dropbox to host and distribute malicious payloads, which have since been removed.
- Microsoft Defender now detects the malware, and users are advised to check for indicators of compromise and follow prevention steps outlined by Microsoft.
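
The redirect chain in the summary above (a visit to one of the named streaming sites followed by a fetch from GitHub, Discord or Dropbox) can be hunted in web proxy logs. The sketch below is an added example, not Microsoft's detection logic: the log format, the file-host hostnames, the 10-minute window and the sample lines are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

STREAMING_SITES = ("movies7.net", "0123movie.art")  # domains named on the page
# Assumption: hostnames that commonly serve files for the platforms the page names.
FILE_HOSTS = ("github.com", "githubusercontent.com", "discordapp.com",
              "dropbox.com", "dropboxusercontent.com")
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment

# Constructed sample proxy log, one request per line: timestamp client host path
SAMPLE_LOG = """\
2025-01-10T20:01:05 10.0.0.5 movies7.net /watch/example
2025-01-10T20:01:40 10.0.0.5 github.com /example-org/example-repo/releases/download/v1/setup.bin
2025-01-10T20:03:00 10.0.0.7 github.com /example-org/tool/archive/main.zip
2025-01-10T20:05:00 10.0.0.9 www.0123movie.art /play
not a log line
2025-01-10T20:06:10 10.0.0.9 dl.dropboxusercontent.com /s/example/file.bin
2025-01-10T21:30:00 10.0.0.9 cdn.discordapp.com /attachments/1/2/file.bin
"""

def host_matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def find_suspect_downloads(log_text, window=WINDOW):
    """Return (client, streaming_site, file_host, path) for file-host requests
    made by a client within `window` after it visited a listed streaming site."""
    last_visit = {}  # client -> (time, site) of most recent streaming-site request
    leads = []
    for line in log_text.splitlines():
        try:
            ts_raw, client, host, path = line.split(maxsplit=3)
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # skip blank or malformed lines
        if host_matches(host, STREAMING_SITES):
            last_visit[client] = (ts, host)
        elif host_matches(host, FILE_HOSTS) and client in last_visit:
            seen, site = last_visit[client]
            if timedelta(0) <= ts - seen <= window:
                leads.append((client, site, host, path))
    return leads

if __name__ == "__main__":
    for lead in find_suspect_downloads(SAMPLE_LOG):
        print(lead)
```

Each result is a lead for triage rather than a verdict, since these platforms carry mostly legitimate traffic.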