Ads on Pirated Video Sites Pushed Malware to Nearly 1 Million Devices

Two sites that offered pirated video streams redirected thousands of users to malware through their ads, according to Microsoft. 

The malicious advertising campaign “impacted nearly one million devices globally in an opportunistic attack to steal information,” Microsoft’s security team said in a Thursday report.

The company traced the infections to two video streaming domains, movies7[.]net and 0123movie[.]art. Ads on those sites redirected users to tech support scam sites, which in turn forwarded users to pages on Discord, Dropbox, and GitHub that hosted the malware.

Microsoft didn’t elaborate on what the scam sites looked like. But they likely encouraged users to download programs that were secretly malware and capable of looting system information or even remotely taking over the user’s computer.

The attack also tried to hide its malicious nature by using signed software certificates while delivering some legitimate files through the initial payload. “As of mid-January 2025, the first-stage payloads discovered were digitally signed with a newly created certificate. A total of twelve different certificates were identified, all of which have been revoked,” Microsoft added. 

The attack was designed to deliver a second-stage payload that can collect the PC’s information and send it back to the hacker’s server. The payload can also install additional malware onto the computer, enabling the hackers to spy on “browsing activity and interact with an active browser instance,” including for Firefox, Chrome, and Edge, Microsoft said.  

The company first detected the attack in early December. “The campaign impacted a wide range of organizations and industries, including both consumer and enterprise devices, highlighting the indiscriminate nature of the attack,” it warned. 

GitHub (which Microsoft owns), Discord, and Dropbox appear to have taken down the pages that were hosting the malware. Microsoft also says that the built-in Microsoft Defender on Windows can detect and flag the malware used in the attack.
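For defenders who want to check their own web proxy logs for the redirect chain described above (streaming site, then scam page, then a download from Discord, Dropbox, or GitHub), here is an added example that is not from Microsoft's report or this article. The log format, the `.example` redirector hosts, the sample lines, and the list of hosting hostnames are assumptions constructed for illustration; only the two streaming domains come from the article.

```python
from datetime import datetime, timedelta

# Seed domains as named in Microsoft's report (kept defanged, refanged at load).
SEED_DOMAINS = {d.replace("[.]", ".") for d in ("movies7[.]net", "0123movie[.]art")}
# Assumption: download hostnames for the three services named in the article.
HOSTING_SUFFIXES = ("discordapp.com", "dropboxusercontent.com", "dropbox.com",
                    "github.com", "githubusercontent.com")

def _matches(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def find_chains(lines, window=timedelta(minutes=10)):
    """Return (client, seed, hosting_host, path) for each referrer chain that
    starts at a seed domain and ends at a file-hosting service."""
    tainted = {}   # (client, host) -> (seed domain, time this hop was seen)
    hits = []
    for line in sorted(lines):          # ISO timestamps sort chronologically
        ts, client, host, path, referer = line.split()
        when = datetime.fromisoformat(ts)
        if _matches(host, SEED_DOMAINS):
            tainted[(client, host)] = (host, when)
            continue
        parent = tainted.get((client, referer))
        if parent is None or when - parent[1] > window:
            continue                    # no live chain leads to this request
        seed = parent[0]
        tainted[(client, host)] = (seed, when)
        if _matches(host, HOSTING_SUFFIXES):
            hits.append((client, seed, host, path))
    return hits

# Constructed sample log: "timestamp client host path referer_host" ("-" = none).
SAMPLE_LOG = [
    "2025-01-15T10:00:00 10.0.0.5 movies7.net /watch -",
    "2025-01-15T10:00:04 10.0.0.5 redirector.example /r movies7.net",
    "2025-01-15T10:00:07 10.0.0.5 support-page.example /fix redirector.example",
    "2025-01-15T10:00:20 10.0.0.5 github.com /placeholder/repo/setup.exe support-page.example",
    "2025-01-15T10:05:00 10.0.0.9 github.com /org/tool/release.zip -",
    "2025-01-15T11:00:00 10.0.0.7 0123movie.art /stream -",
    "2025-01-15T11:30:00 10.0.0.7 redirector.example /r 0123movie.art",
]

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print(hit)
```

Following the referrer chain, rather than flagging every GitHub or Dropbox download, keeps the unrelated download by 10.0.0.9 out of the results; the stale chain for 10.0.0.7 is dropped by the time window.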

About Michael Kan

Senior Reporter

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.

