Wednesday, 12 March 2025

Malicious Ads on Pirated Video Sites Infected Nearly 1 Million Devices

A recent malicious advertising campaign has compromised nearly one million devices worldwide, according to Microsoft’s security team. The attack, meticulously designed to steal information from affected devices, began in early December and has since spread rapidly across the globe. The scheme utilized ads on pirated video streaming sites, specifically targeting movies7.net and 0123movie.art, to redirect users to tech support scam sites, which in turn led them to malware-hosting pages on platforms like Discord, Dropbox, and GitHub.

Attack Details and Spread

Microsoft’s security team stated that the campaign “impacted nearly one million devices globally in an opportunistic attack to steal information.” As of mid-January 2025, the first-stage payloads discovered in the attack were digitally signed with a newly created certificate. In total, twelve different certificates were identified during the investigation, all of which have since been revoked.

The attack aimed to deliver a second-stage payload capable of collecting detailed PC information and transmitting it back to the hacker’s server. This payload could also install additional malware onto the compromised computers. Critically, the malware allows hackers to spy on browsing activity and interact with active browser instances. Browsers affected include popular ones such as Firefox, Chrome, and Edge.

Microsoft Defender, which is built into Windows, can detect and flag the malware used in this attack. The company traced the attack back to two specific video streaming domains, pinpointing them as the origin of the malicious advertisements. These ads directed users to fraudulent tech support scam sites, which then forwarded them to pages hosting the harmful software.

Microsoft highlighted the non-discriminatory nature of this campaign, noting that “the campaign impacted a wide range of organizations and industries, including both consumer and enterprise devices.” This underscores the pervasive and indiscriminate strategy employed by the attackers.

In response to the attack, Microsoft has taken steps to mitigate further damage by revoking all discovered certificates associated with the malware. Users are advised to remain vigilant when visiting streaming sites and ensure that their security software is up-to-date to detect potential threats.

Author’s Opinion

This widespread attack highlights the growing risks of pirated streaming sites, which can be used as a vehicle for delivering dangerous malware. It’s crucial for users to prioritize their online security and exercise caution when visiting these sites, as they can unwittingly expose themselves to significant security threats. The use of legitimate-looking certificates adds a layer of deception, making it harder for even experienced users to detect such attacks.
