Two sites that offered pirated video streams redirected thousands of users to malware through their ads, according to Microsoft.
The malicious advertising campaign “impacted nearly one million devices globally in an opportunistic attack to steal information,” Microsoft’s security team said in a Thursday report.
The company traced the infections to two video stream domains, movies7[.]net and 0123movie[.]art. Ads on those sites redirected users to tech support scam sites, which in turn forwarded users to pages on Discord, Dropbox, and GitHub that hosted the malware.
Microsoft didn’t elaborate on what the scam sites looked like. But they likely encouraged users to download programs that were secretly malware and capable of looting system information or even remotely taking over the user’s computer.
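For defenders, the redirect chain described above can be hunted in web proxy logs. The following is an added example, not code from Microsoft or from this article: it flags clients that visited one of the two named streaming domains and then fetched something from a hosting platform shortly afterward. The log format, the hosting hostnames, the 10-minute window and the sample log lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Streaming domains named in the article, kept defanged as published.
STREAM_DOMAINS = {d.replace("[.]", ".") for d in ("movies7[.]net", "0123movie[.]art")}
# Assumption: download hostnames commonly used by the three platforms named.
HOSTING_SUFFIXES = ("github.com", "githubusercontent.com",
                    "cdn.discordapp.com", "dropbox.com", "dropboxusercontent.com")
WINDOW = timedelta(minutes=10)  # assumed correlation window


def host_matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def find_chains(log_lines, window=WINDOW):
    """Return (client, stream_host, download_host, path) for each hosting-platform
    request that follows a visit to a named streaming domain within `window`."""
    last_stream = {}  # client -> (time, host) of most recent streaming visit
    hits = []
    for line in sorted(log_lines):  # ISO timestamps sort chronologically
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, host, path = parts
        when = datetime.fromisoformat(ts)
        if host_matches(host, STREAM_DOMAINS):
            last_stream[client] = (when, host)
        elif host_matches(host, HOSTING_SUFFIXES) and client in last_stream:
            seen, stream_host = last_stream[client]
            if when - seen <= window:
                hits.append((client, stream_host, host, path))
    return hits


# Constructed sample proxy log: "<ISO time> <client> <host> <path>"
SAMPLE_LOG = [
    "2025-01-15T20:01:05 10.0.0.12 movies7.net /watch/123",
    "2025-01-15T20:01:40 10.0.0.12 support-alert.example /landing",
    "2025-01-15T20:02:10 10.0.0.12 github.com /example-user/example-repo/releases/download/v1/setup.exe",
    "2025-01-15T20:03:00 10.0.0.40 www.dropbox.com /s/abc/report.pdf",
    "2025-01-15T09:00:00 10.0.0.77 0123movie.art /",
    "2025-01-15T15:30:00 10.0.0.77 cdn.discordapp.com /attachments/1/2/file.zip",
]

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print(hit)
```

Because the intermediate scam sites are not named in the report, the correlation is by client and time rather than by referrer, so hits are leads for triage and not confirmed infections.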
The attack also tried to hide its malicious nature by using signed software certificates while delivering some legitimate files through the initial payload. “As of mid-January 2025, the first-stage payloads discovered were digitally signed with a newly created certificate. A total of twelve different certificates were identified, all of which have been revoked,” Microsoft added.
The attack was designed to deliver a second-stage payload that can collect the PC’s information and send it back to the hacker’s server. The payload can also install additional malware onto the computer, enabling the hackers to spy on “browsing activity and interact with an active browser instance,” including for Firefox, Chrome, and Edge, Microsoft said.
The company first detected the attack in early December. “The campaign impacted a wide range of organizations and industries, including both consumer and enterprise devices, highlighting the indiscriminate nature of the attack,” it warned.
GitHub (which Microsoft owns), Discord, and Dropbox appear to have taken down the pages that were hosting the malware. Microsoft also says that the built-in Microsoft Defender on Windows can detect and flag the malware used in the attack.
About Michael Kan
Senior Reporter
