- Microsoft says it discovered a major malvertising campaign
- The objective was to spread infostealers as widely as possible
- The company took down an undisclosed number of GitHub repositories in response
Attackers have infected more than one million PCs through a massive malvertising campaign, according to a new investigation by Microsoft security researchers.
The campaign begins on illegal streaming sites where people watch pirated content. The cybercriminals apparently injected ads into those videos, which sent visitors through a rollercoaster of redirects before landing on one of the many GitHub repositories under the attackers' control.
There, victims would download the first-stage payload, which performed system discovery and collected system information (operating system details, screen resolution, memory size, etc.), exfiltrated it to a server under the attackers' control, and then deployed the second-stage payload.
Infostealers in action
The second-stage payload depends on the compromised device. In some cases it is the NetSupport remote access trojan (RAT), followed by the Lumma or Doenerium infostealer. This malware can steal people's login credentials, cryptocurrency information, banking details and more. In other cases, the malware downloads an executable file that launches a CMD and drops a renamed AutoIt interpreter with a .com extension.
AutoIt then executes several additional steps that ultimately lead to the same result: the exfiltration of sensitive files from the target system.
In most cases the payloads were hosted on GitHub, and Microsoft said it took down an undisclosed number of repositories. However, the malware was also hosted on Dropbox and Discord. Microsoft did not attribute the campaign to any particular threat actor, and said that victims were found across a wide range of industries.
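As an added example (not Microsoft's or the article's code), the following Python hunting heuristic looks for the artefact described above: a PE executable hiding behind a .com extension. A genuine DOS .com program has no MZ/PE header, so a .com file that parses as a PE is already worth a look; an AutoIt marker string raises confidence. The marker strings and the sample files the script builds are assumptions constructed for the demo, not indicators published with the report.

```python
"""Hunt for a PE executable (e.g. a renamed AutoIt interpreter) hiding behind a .com extension.

Added example, not Microsoft's or the article's code. The sample files and the AutoIt
marker strings below are assumptions constructed for the demo.
"""
import os
import struct
import tempfile
from dataclasses import dataclass

# Assumption: strings typically present in the AutoIt interpreter or compiled scripts.
AUTOIT_MARKERS = (b"AutoIt", b"AU3!")


@dataclass
class Finding:
    path: str
    is_pe: bool
    autoit_marker: bool


def is_pe(data: bytes) -> bool:
    """True if data carries an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Slicing past the end yields a short string, which simply compares unequal.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def scan_file(path: str) -> Finding:
    with open(path, "rb") as fh:
        data = fh.read()
    return Finding(path, is_pe(data), any(m in data for m in AUTOIT_MARKERS))


def hunt(root: str) -> list:
    """Walk root and return findings for .com files that are really PE executables."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".com"):
                continue
            finding = scan_file(os.path.join(dirpath, name))
            if finding.is_pe:
                findings.append(finding)
    return sorted(findings, key=lambda f: f.path)


def suspicious_names(root: str) -> list:
    """Convenience wrapper: just the file names flagged by hunt()."""
    return [os.path.basename(f.path) for f in hunt(root)]


def build_pe_stub(tail: bytes = b"") -> bytes:
    """Minimal MZ header with e_lfanew = 0x40 followed by a PE signature (constructed sample)."""
    header = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\0\0" + tail


def make_sample_dir() -> str:
    """Create a temp directory of constructed samples: a real DOS .com program, a PE
    renamed to .com carrying an AutoIt marker, and a normal .exe the filter ignores."""
    root = tempfile.mkdtemp(prefix="comhunt_")
    samples = {
        "legit.com": b"\xb4\x09\xba\x00\x01\xcd\x21\xc3",  # raw 16-bit code, no MZ header
        "update.com": build_pe_stub(b"...AutoIt v3 interpreter..."),
        "tool.exe": build_pe_stub(b"harmless"),
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for f in hunt(make_sample_dir()):
        print(f"{f.path}: PE behind .com, autoit_marker={f.autoit_marker}")
```

Point `hunt()` at user-writable locations such as `%TEMP%`, `%APPDATA%` and Downloads on a suspect host; a PE with a .com name in those paths is a good pivot for the rest of the chain (the CMD launcher and any accompanying script file).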
"This activity is tracked under the umbrella name Storm-0408, which we use to track numerous threat actors associated with remote access or information-stealing malware and who use phishing, search engine optimization (SEO), or malvertising campaigns to distribute malicious payloads," Microsoft said.
"The campaign hit a wide range of organizations and industries, including consumer and enterprise devices, highlighting the indiscriminate nature of the attack."
Via BleepingComputer