Microsoft Warns of Malware Campaign Linked to Pirated Streaming Sites

Microsoft has uncovered a malicious advertising campaign linked to two websites that provided unauthorized video streams, exposing thousands of users to malware.
According to a report released on Thursday by Microsoft’s security team, the campaign affected nearly one million devices worldwide in an attempt to steal sensitive information. Investigations traced the malware infections to two streaming domains—movies7[.]net and 0123movie[.]art. Advertisements on these sites redirected visitors to fraudulent tech support pages, which then funneled users to malware-hosting platforms on Discord, Dropbox, and GitHub.
While Microsoft did not provide specific details about these scam sites, they were likely designed to deceive users into downloading software that appeared legitimate but actually contained malware. This malicious software had the capability to harvest system data or even take remote control of the victim’s computer.
To evade detection, the attackers digitally signed their software and included legitimate files within the initial payload. “As of mid-January 2025, the first-stage payloads discovered were digitally signed with a newly created certificate. A total of twelve different certificates were identified, all of which have been revoked,” Microsoft noted.
The attack was structured to deploy a secondary payload, which could collect details about the infected PC and transmit them to the attackers' server. Additionally, the malware could install other malicious programs, enabling cybercriminals to track browsing activities and manipulate web sessions on major browsers like Chrome, Edge, and Firefox.
Microsoft first identified this campaign in early December and warned that it targeted a broad range of users, affecting both personal and enterprise devices. The indiscriminate nature of the attack underscored the widespread risk.
Following the discovery, GitHub, Discord, and Dropbox—platforms used to distribute the malware—appear to have taken down the harmful pages. Microsoft also reassured users that its Windows Defender security system is capable of detecting and blocking the malware used in this attack.