Microsoft has spotted a malvertising campaign that infected around 1 million devices by downloading nastyware hosted on GitHub.
The campaign saw pirate vid-streaming websites embed malvertising redirectors. “These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to a malware or tech support scam website, which then redirected to GitHub,” according to Microsoft.
GitHub hosted a first-stage payload that installed code that dropped two further payloads, which gathered system information such as memory size, graphics capabilities, the OS in use, and user paths.
Third-stage payloads varied, but most “conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques.”
Microsoft noted that the malicious repos have since been taken down.
That sucks. Interesting that it comes from GitHub, a site mostly used by developers.
Totally.
I guess it can be an efficient technique to get access to private data from those developers, including data about non-open-source projects.