Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves. From a report: Discovered by Microsoft Threat Intelligence late last year, the campaign saw pirate vid-streaming websites embed malvertising redirectors to generate pay-per-view or pay-per-click revenue from malvertising platforms. "These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub" according to Microsoft's threat research team.

GitHub hosted a first-stage payload that installed code that dropped two other payloads. One gathered system configuration info such as data on memory size, graphics capabilities, screen resolution, the operating system present, and user paths. Third-stage payloads varied but most "conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques."

[ Read more of this story ]( https://it.slashdot.org/story/25/03/10/1652235/microsoft-admits-github-hosted-malware-that-infected-almost-a-million-devices?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.