
The attack, detected in early December 2024, originated from illegal streaming websites that redirected users through multiple malicious domains before delivering payloads hosted on GitHub, Dropbox, and Discord.
Microsoft Threat Intelligence began tracking this campaign in December 2024 and attributed it to Storm-0408, a threat actor group known for using phishing, SEO poisoning, and malvertising to distribute malware. The attack primarily targeted users accessing illegal streaming sites, which embedded malvertising redirectors within movie frames. These redirectors funneled users through a multi-layered attack chain, leading to malware-hosting repositories on GitHub and other platforms.