A broad malvertising campaign used a combination of illegal streaming websites and GitHub to impact nearly 1 million Windows PCs with data-stealing malware. The campaign, identified by Microsoft, targeted both consumer and enterprise devices across a wide range of industries and organizations.

Microsoft Threat Intelligence (MTI) in December detected the attack, originated from illegal streaming websites embedded with malvertising redirectors. This led victims to an intermediary website — such as a malware or tech-support scam website — where they were then redirected primarily to GitHub, which attackers used to host the malware. Microsoft also found one payload hosted on Discord and another on Dropbox.