GitHub-Hosted Malware Infects 1M Windows Users

A malvertising campaign, originating from illegal streaming websites, infected nearly 1 million Windows PCs with data-stealing malware. The campaign, attributed to Storm-0408, used a multistage approach involving GitHub, Discord, and Dropbox to deliver payloads like Lumma and Doenerium stealers. Microsoft recommends strengthening Microsoft Defender for Endpoint configuration and educating users about the dangers of malicious ads to mitigate similar attacks.

*****
Written on