Malvertising Campaign Leads to Info Stealers Hosted on Github
Episode 39 of the Microsoft Threat Intelligence Podcast podcast, hosted by Microsoft, titled "Malvertising Campaign Leads to Info Stealers Hosted on Github" was published on March 6, 2025 and runs 35 minutes.
March 6, 2025 ·35m · Microsoft Threat Intelligence Podcast
Summary
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe. Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks. In this episode you’ll learn: Why the attack chain incorporates legacy malware like NetSupport RAT The overlap between the Luma Stealer and Donarium malware families How Luma Stealer uses GitHub repositories and redirector networks to deliver malicious payloads Some questions we ask: Can you explain how the malware uses the “image file execution objects” registry path? What role does Netcat play in this campaign’s command and control? Why do people still mine cryptocurrency today, with all the complexities and attack methods? Resources: View Kajhon Soyini on LinkedIn View Sherrod DeGrippo on LinkedIn Connect with Sherrod and the team at RSAC Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Episode Description
Similar Episodes
Apr 8, 2026 ·27m
Apr 5, 2026 ·35m
Apr 1, 2026 ·29m
Mar 30, 2026 ·28m
Mar 29, 2026 ·31m
Mar 25, 2026 ·22m