this post was submitted on 08 Mar 2025
143 points (100.0% liked)

Technology

64937 readers
6341 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
143
Nearly 1 million Windows devices targeted in advanced “malvertising” spree (arstechnica.com)
submitted 1 day ago* (last edited 1 day ago) by otter@lemmy.ca to c/technology@lemmy.world
5 comments fedilink hide all child comments
 

Nearly 1 million Windows devices were targeted in recent months by a sophisticated "malvertising" campaign that surreptitiously stole login credentials, cryptocurrency, and other sensitive information from infected machines, Microsoft said.

The campaign began in December, when the attackers, who remain unknown, seeded websites with links that downloaded ads from malicious servers. The links led targeted machines through several intermediary sites until finally arriving at repositories on Microsoft-owned GitHub, which hosted a raft of malicious files.

Ad blockers aren't just convenient, they're necessary for online safety. Install it on your family member's devices

top 5 comments
sorted by: hot top controversial new old
[–] Scrollone@feddit.it 2 points 12 hours ago

I still don't understand why anybody is still not using Firefox + uBlock Origin.

[–] sunzu2@thebrainbin.org 30 points 1 day ago (1 children)

Browsing internet with out ad and java blockers is like having sex with a stranger with no rubbers...

except a lot less fun

[–] pebbles@sh.itjust.works 3 points 13 hours ago

Yeah its not like the web feels better without ad block.

[–] MudMan@fedia.io 16 points 1 day ago (1 children)

If I'm reading this right this still required a manual clickthrough (seemingly forced through a fake video player) and running an executable, right? The description is simultaneously very detailed and fuzzy on the social engineering portion.

Analysis of the redirector chain determined the attack likely originated from illegal streaming websites where users can watch pirated videos. The streaming websites embedded malvertising redirectors within movie frames to generate pay-per-view or pay-per-click revenue from malvertising platforms. These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub.

Not to say you don't want an adblocker for security reasons, but still, the implication in the reporting is "have an ad pop up, get infected", when it was more "click on the "watch PopularseriesS02e04" prompt, fail multiple times due to it being an obvious scam, get prompted to download some files, install said files, get infected".

[–] Lfrith@lemmy.ca 5 points 1 day ago

It sounded terrifying at first with it sounding like the infection happened without user involvement, but seeing how it still requires user participation makes it seem less alarming.