You might want to rethink that free movie night. Microsoft just exposed a massive malvertising operation that’s already infected over a million PCs – and it all starts with innocent-looking pirated streams.
Here’s the terrifying part: Hackers injected malicious ads into illegal streaming sites, turning every click into a digital minefield. Victims get bounced through a maze of redirects before landing on fake GitHub repos hosting the first-stage malware. Once installed? That first stage scans your system, collects your machine's specs, then delivers the real nightmare: Lumma Stealer, Doenerium, or a nasty RAT designed to vacuum up passwords, crypto wallets, and bank details.
“But GitHub’s safe, right?” Normally, yes. But these repos were wolf-in-sheep’s-clothing operations, with Microsoft admitting some of the malware was even hosted on Dropbox and Discord. The payloads are crafty – some deploy a disguised AutoIt script that quietly exfiltrates your files, while others install remote access trojans giving hackers full control.
Microsoft’s calling this “Storm-0408” – a catch-all for cybercriminals using SEO poisoning, phishing, and malvertising to spread infostealers. And the targets? Everyone. From casual streamers to Fortune 500 employees, this campaign doesn’t discriminate.
The silver lining? Microsoft’s already nuked some repos. But here’s the kicker: New ones keep popping up. So if you’ve recently visited sketchy streaming sites, it’s time for a malware scan. And maybe reconsider that “free” UFC stream.