Microsoft has sounded the alarm on a sophisticated malvertising campaign that leverages GitHub to distribute information-stealing malware, affecting nearly one million devices worldwide. This campaign, uncovered by Microsoft’s Threat Intelligence Center, highlights the evolving nature of cyber threats and the importance of vigilance in the digital landscape.
Understanding the malvertising campaign
The malvertising campaign in question involves malicious advertisements that redirect users to GitHub-hosted repositories containing info stealers. These info stealers are designed to capture sensitive user data, such as login credentials and personal information, which can then be exploited for financial gain or other malicious purposes.
How malvertising works
Here’s a breakdown of how the malvertising campaign works:
- Malicious ads: The campaign begins with malicious ads displayed on compromised websites or browsers, often on illegal streaming sites. These ads are embedded within video streams to generate pay-per-view or pay-per-click revenue from malvertising platforms.
- Redirect to GitHub: Upon clicking these ads, users are redirected through multiple layers of malicious redirectors, ultimately landing on GitHub repositories. These repositories were used to deploy a series of files and scripts as part of a modular and multi-stage approach to payload delivery, execution, and persistence.
- Info stealers deployment: Once users land on these repositories, they may be prompted to download files or execute scripts that install info stealers on their devices. These malware tools then begin collecting sensitive information, including system details and user data.
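As an added example (not code from the Microsoft report or this article), the following Python reconstructs ad-to-GitHub redirect chains from web-proxy logs, which is the hunting pattern implied by the multi-layer redirect chain described above. The log format is an assumed simplified one, and all domains, repository names and log lines are constructed placeholders, not real indicators.

```python
from urllib.parse import urlparse

# Constructed sample proxy log (placeholders only): client_ip, URL, HTTP status, Referer ("-" if none).
SAMPLE_LOG = """\
10.0.0.5 https://stream-example.test/watch?id=1 200 -
10.0.0.5 https://ad-redirector-1.test/click 302 https://stream-example.test/watch?id=1
10.0.0.5 https://ad-redirector-2.test/go 302 https://ad-redirector-1.test/click
10.0.0.5 https://github.com/placeholder-user/placeholder-repo/releases/download/v1/Setup.exe 200 https://ad-redirector-2.test/go
10.0.0.7 https://github.com/placeholder-user/placeholder-repo/blob/main/README.md 200 https://www.example.org/
10.0.0.9 https://raw.githubusercontent.com/placeholder-user/placeholder-repo/main/update.ps1 200 https://ad-redirector-3.test/r
"""

GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
PAYLOAD_EXTS = (".exe", ".msi", ".ps1", ".bat", ".cmd", ".zip", ".js", ".vbs")

def parse_log(text):
    """Parse the assumed 'ip url status referer' format into event dicts."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        ip, url, status, referer = line.split(maxsplit=3)
        events.append({"ip": ip, "url": url, "status": int(status),
                       "referer": None if referer == "-" else referer})
    return events

def is_github_payload(url):
    """True when the URL is a GitHub-hosted file with an executable/script extension."""
    p = urlparse(url)
    return p.hostname in GITHUB_HOSTS and p.path.lower().endswith(PAYLOAD_EXTS)

def build_chain(event, by_ip_url):
    """Walk Referer pointers backwards to reconstruct the redirect chain for one download."""
    chain, seen, cur = [event["url"]], {event["url"]}, event
    while cur["referer"] and cur["referer"] not in seen:   # 'seen' guards against referer loops
        prev = by_ip_url.get((cur["ip"], cur["referer"]))
        if prev is None:                                    # referer not in captured log: record it and stop
            chain.append(cur["referer"]); break
        chain.append(prev["url"]); seen.add(prev["url"]); cur = prev
    return list(reversed(chain))

def find_suspicious_chains(text, min_hops=2):
    """Return (client_ip, chain) for GitHub payload downloads reached via >= min_hops redirect hops."""
    events = parse_log(text)
    by_ip_url = {(e["ip"], e["url"]): e for e in events}
    hits = []
    for e in events:
        if not is_github_payload(e["url"]):
            continue
        chain = build_chain(e, by_ip_url)
        if len(chain) - 1 >= min_hops:
            hits.append((e["ip"], chain))
    return hits
```

Lowering min_hops to 1 also surfaces downloads whose only visible referer is a redirector outside the captured log, at the cost of more review work.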
The adverse effects of the malvertising campaign
This malvertising campaign poses significant risks to users across various sectors. The use of GitHub as a hosting platform adds complexity to the threat landscape, as it exploits the trust users have in reputable services. The targeted sectors of the campaign include:
- Government and NGOs: These organizations often handle sensitive information, making them prime targets for data breaches.
- IT services and technology: Companies in this sector may have access to valuable intellectual property and customer data.
- Defense and telecommunications: These sectors handle critical infrastructure and national security information.
- Health and higher education: Institutions in these sectors often possess sensitive personal data.
How to protect against these types of threats
To protect against this and similar threats, users and organizations should adopt robust cybersecurity practices:
- Be cautious with ads: Avoid clicking on suspicious or unfamiliar ads, especially those prompting downloads or redirects to unknown sites.
- Use ad blockers: Implementing ad blockers can significantly reduce exposure to malicious ads.
- Regularly update software: Ensure all software, including browsers and operating systems, is up-to-date with the latest security patches.
- Use strong antivirus software: Install reputable antivirus software that includes anti-malware protection.
- Educate users: Conduct regular cybersecurity awareness training to help users recognize phishing attempts and other threats.
Microsoft’s warning highlights the evolving nature of cyber threats and the need for continuous vigilance. As threats become more sophisticated, relying on trusted platforms like GitHub to host malicious content, users must be proactive in protecting themselves. By understanding these threats and implementing robust cybersecurity measures, individuals and organizations can safeguard their digital assets effectively. See the full Microsoft blog post here.