
Malvertising campaign leads to info stealers hosted on GitHub

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

A large-scale malvertising campaign impacting nearly one million devices globally was detected in December 2024. The attack originated from illegal streaming websites with embedded malvertising redirectors, leading users through multiple redirections to malware hosted on GitHub and other platforms. The multi-stage attack chain involved deploying information stealers like Lumma and Doenerium, as well as remote access tools. The threat actors used living-off-the-land techniques and various scripts to collect system information, exfiltrate data, and establish persistence. The campaign affected both consumer and enterprise devices across multiple industries, highlighting its indiscriminate nature.

OPENCTI LABELS :

lumma, information stealer, netsupport rat, malvertising, lumma stealer, github, multi-stage attack, doenerium, living-off-the-land

