Nearly 1 million Windows devices were targeted in recent months by a sophisticated “malvertising” campaign that surreptitiously stole login credentials, cryptocurrency, and other sensitive information from infected machines, Microsoft said.

The campaign began in December, when the attackers, who remain unknown, seeded websites with links that downloaded ads from malicious servers. The links led targeted machines through several intermediary sites until finally arriving at repositories on Microsoft-owned GitHub, which hosted a raft of malicious files.

Ad blockers aren’t just convenient, they’re necessary for online safety. Install one on your family members’ devices.

  • Scrollone@feddit.it
    13 hours ago

    I still don’t understand why anybody is still not using Firefox + uBlock Origin.

  • sunzu2@thebrainbin.org
    2 days ago

    Browsing the internet without ad and java blockers is like having sex with a stranger with no rubbers…

    except a lot less fun

  • MudMan@fedia.io
    2 days ago

    If I’m reading this right this still required a manual clickthrough (seemingly forced through a fake video player) and running an executable, right? The description is simultaneously very detailed and fuzzy on the social engineering portion.

    Analysis of the redirector chain determined the attack likely originated from illegal streaming websites where users can watch pirated videos. The streaming websites embedded malvertising redirectors within movie frames to generate pay-per-view or pay-per-click revenue from malvertising platforms. These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub.

    Not to say you don’t want an adblocker for security reasons, but still, the implication in the reporting is “have an ad pop up, get infected”, when it was more “click on the ‘watch PopularseriesS02e04’ prompt, fail multiple times due to it being an obvious scam, get prompted to download some files, install said files, get infected”.

    • Lfrith@lemmy.ca
      2 days ago

      It sounded terrifying at first with it sounding like the infection happened without user involvement, but seeing how it still requires user participation makes it seem less alarming.