{"id":332376,"date":"2025-03-10T15:36:03","date_gmt":"2025-03-10T19:36:03","guid":{"rendered":"https:\/\/msftnewsnow.com\/?p=332376"},"modified":"2025-05-06T17:36:30","modified_gmt":"2025-05-07T00:36:30","slug":"microsoft-exposes-malvertising-campaign-how-to-pro","status":"publish","type":"post","link":"https:\/\/msftnewsnow.com\/microsoft-exposes-malvertising-campaign-how-to-pro\/","title":{"rendered":"Microsoft exposes malicious advertising, “malvertising campaign” blitz: 5 ways to protect your account on GitHub"},"content":{"rendered":"

Microsoft<\/a> has sounded the alarm on a sophisticated malvertising campaign that leverages GitHub to distribute malicious information-stealing malware, affecting nearly one million devices worldwide. This campaign, uncovered by Microsoft’s Threat Intelligence Center<\/a>, highlights the evolving nature of cyber threats and the importance of vigilance in the digital landscape.<\/p>\n

Understanding the malvertising campaign<\/strong><\/h2>\n

\"Microsoft
\nThe malvertising campaign in question involves malicious advertisements that redirect users to GitHub<\/a>-hosted repositories containing info stealers. These info stealers are designed to capture sensitive user data, such as login credentials and personal information, which can then be exploited for financial gain or other malicious purposes.<\/p>\n

How malvertising works<\/strong><\/h2>\n

\"Microsoft<\/p>\n

Here’s a breakdown of how the malvertising campaign works:<\/p>\n

    \n
  1. Malicious ads<\/strong>: The campaign begins with malicious ads displayed on compromised websites or browsers<\/a>, often on illegal streaming sites. These ads are embedded within video streams to generate pay-per-view or pay-per-click revenue from malvertising platforms.<\/li>\n
  2. Redirect to GitHub<\/strong>: Upon clicking these ads, users are redirected through multiple layers of malicious redirectors, ultimately landing on GitHub repositories. These repositories were used to deploy a series of files and scripts as part of a modular and multi-stage approach to payload delivery, execution, and persistence.<\/li>\n
  3. Info stealers deployment<\/strong>: Once users land on these repositories, they may be prompted to download files or execute scripts that install info stealers on their devices. These malware tools then begin collecting sensitive information, including system details and user data.<\/li>\n<\/ol>\n

    \"Microsoft<\/p>\n

    The adverse effects of the malvertising campaign<\/strong><\/h2>\n

    This malvertising campaign poses significant risks to users across various sectors. The use of GitHub<\/a> as a hosting platform adds complexity to the threat landscape, as it exploits the trust users have in reputable services. The targeted sectors of the campaign include:<\/p>\n

      \n
    1. Government and NGOs<\/strong>: These organizations often handle sensitive information, making them prime targets for data breaches.<\/li>\n
    2. IT services and technology<\/strong>: Companies in this sector may have access to valuable intellectual property and customer data.<\/li>\n
    3. Defense and telecommunications<\/strong>: These sectors handle critical infrastructure and national security information.<\/li>\n
    4. Health and higher education<\/strong>: Institutions in these sectors often possess sensitive personal data.<\/li>\n<\/ol>\n

      How to protect against these types of threats<\/strong><\/h2>\n

      To protect against this and similar threats<\/a>, users and organizations should adopt robust cybersecurity<\/a> practices:<\/p>\n

        \n
      1. Be cautious with ads<\/strong>: Avoid clicking on suspicious or unfamiliar ads, especially those prompting downloads or redirects to unknown sites.<\/li>\n
      2. Use ad blockers<\/strong>: Implementing ad blockers can significantly reduce exposure to malicious ads.<\/li>\n
      3. Regularly update software<\/strong>: Ensure all software, including browsers and operating systems, is up-to-date with the latest security patches.<\/li>\n
      4. Use strong antivirus software<\/strong>: Install reputable antivirus software that includes anti-malware protection.<\/li>\n
      5. Educate users<\/strong>: Conduct regular cybersecurity awareness training to help users recognize phishing attempts and other threats.<\/li>\n<\/ol>\n

        Microsoft’s warning highlights the evolving nature of cyber threats and the need for continuous vigilance. As threats become more sophisticated, relying on trusted platforms like GitHub<\/a> to host malicious content, users must be proactive in protecting themselves. By understanding these threats and implementing robust cybersecurity measures, individuals and organizations can safeguard their digital assets effectively. See the full Microsoft blog post here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

        Microsoft has sounded the alarm on a sophisticated malvertising campaign that leverages GitHub to distribute malicious information-stealing malware, affecting nearly one million devices worldwide. This campaign, uncovered by Microsoft’s Threat Intelligence Center, highlights the evolving nature of cyber threats and the importance of vigilance in the digital landscape. Understanding the malvertising campaign The malvertising campaign … Read more<\/a><\/p>\n","protected":false},"author":208461344,"featured_media":332416,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[24],"tags":[1271,1035,778,1083],"class_list":["post-332376","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-cybersecurity","tag-github","tag-microsoft","tag-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/malvertising.jpg","jetpack_shortlink":"https:\/\/wp.me\/pfgCZY-1osU","jetpack-related-posts":[{"id":17856,"url":"https:\/\/msftnewsnow.com\/fake-google-chrome-errors-trick-users-into-running\/","url_meta":{"origin":332376,"position":0},"title":"Fake Google Chrome errors trick users into running malicious PowerShell scripts","author":"Dave W. Shanahan","date":"June 18, 2024","format":false,"excerpt":"A new and insidious phishing campaign has been discovered, targeting unsuspecting users with fake Google Chrome errors that trick them into running malicious PowerShell scripts. This sophisticated attack highlights the ongoing threat of social engineering and the importance of user vigilance in the face of increasingly sophisticated cyber threats.","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Fake Google Chrome errors trick users into running malicious Microsoft PowerShell scripts","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/06\/chromeerrors.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/06\/chromeerrors.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/06\/chromeerrors.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/06\/chromeerrors.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":21265,"url":"https:\/\/msftnewsnow.com\/microsoft-sway-exploited-by-qr-code-phishing-steal\/","url_meta":{"origin":332376,"position":1},"title":"Microsoft Sway is being exploited by a QR code phishing campaign to steal Microsoft 365 credentials","author":"Dave W. Shanahan","date":"August 29, 2024","format":false,"excerpt":"A massive QR code phishing campaign has been uncovered, exploiting Microsoft Sway to steal Microsoft 365 credentials. This campaign, identified by Netskope Threat Labs, marks a significant increase in attacks utilizing Microsoft Sway, highlighting the evolving tactics employed by cybercriminals. QR code phishing campaign exploiting Microsoft Sway The phishing campaign\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft Sway is being exploited by a QR code phishing campaign to steal Microsoft 365 credentials","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/08\/OIP-6.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":21410,"url":"https:\/\/msftnewsnow.com\/russian-group-romcom-exploits-microsoft-office\/","url_meta":{"origin":332376,"position":2},"title":"Russian group RomCom exploits Microsoft Office and Windows HTML RCE zero-day vulnerability CVE-2023-36884 to deploy malicious ransomware","author":"Dave W. Shanahan","date":"September 4, 2024","format":false,"excerpt":"A critical security threat has emerged as the Russian group RomCom, also known as Storm-0978, has been actively exploiting a Microsoft Office and Windows HTML Remote Code Execution (RCE) zero-day vulnerability, identified as CVE-2023-36884, to deploy ransomware.","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Russian group RomCom exploits Microsoft Office and Windows HTML RCE zero-day vulnerability CVE-2023-36884 to deploy malicious ransomware","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/09\/OIG3-2.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/09\/OIG3-2.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/09\/OIG3-2.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/09\/OIG3-2.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":17243,"url":"https:\/\/msftnewsnow.com\/hackers-use-microsoft-365-office-docs\/","url_meta":{"origin":332376,"position":3},"title":"Hackers weaponizing Microsoft 365 Office documents to deploy malware and other attacks","author":"Dave W. Shanahan","date":"May 29, 2024","format":false,"excerpt":"The weaponization of Microsoft 365 Office documents by hackers underscores the need for heightened vigilance and robust cybersecurity practices. By understanding the methods used by cybercriminals and implementing comprehensive security measures, businesses can better protect themselves against these sophisticated attacks. Staying informed about the latest threats and continuously updating security\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"microsoft 365 office documents","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/pkusslapts2qpkwu0rnf.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/pkusslapts2qpkwu0rnf.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/pkusslapts2qpkwu0rnf.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/pkusslapts2qpkwu0rnf.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":17284,"url":"https:\/\/msftnewsnow.com\/microsoft-uncovers-moonstone-sleet-hack\/","url_meta":{"origin":332376,"position":4},"title":"Microsoft uncovers “Moonstone Sleet,” new North Korean hacker group actively targeting the United States","author":"Dave W. Shanahan","date":"May 29, 2024","format":false,"excerpt":"Microsoft has identified a new North Korean state-sponsored hacking group, dubbed Moonstone Sleet, which has been actively targeting various sectors with ransomware and custom malware. This group, previously tracked as Storm-1789, has distinguished itself from other North Korean threat actors by developing its own infrastructure and employing sophisticated social engineering\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"moonstone sleet","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/Moonstone-sleet-featured.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/Moonstone-sleet-featured.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/Moonstone-sleet-featured.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/Moonstone-sleet-featured.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/Moonstone-sleet-featured.webp?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":14476,"url":"https:\/\/msftnewsnow.com\/microsoft-advertising-releases-maximum\/","url_meta":{"origin":332376,"position":5},"title":"Boost your search campaign results with Microsoft Advertising’s new Maximize Conversion Value strategy – April 2024 update","author":"Dave W. Shanahan","date":"April 3, 2024","format":false,"excerpt":"Microsoft Advertising has announced a significant update to its platform, aimed at helping advertisers drive more results with less effort.","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"microsoft advertising","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/04\/blog-19038-hero-833x469-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/04\/blog-19038-hero-833x469-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/04\/blog-19038-hero-833x469-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/04\/blog-19038-hero-833x469-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]}],"jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/332376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/users\/208461344"}],"replies":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/comments?post=332376"}],"version-history":[{"count":0,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/332376\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media\/332416"}],"wp:attachment":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media?parent=332376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/categories?post=332376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/tags?post=332376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}