
Malvertising Campaign Leads to Info Stealers Hosted on Github

Episode 39 of the Microsoft Threat Intelligence Podcast, produced by Microsoft, titled "Malvertising Campaign Leads to Info Stealers Hosted on Github", was published on March 6, 2025 and runs 35 minutes.

March 6, 2025 · 35m · Microsoft Threat Intelligence Podcast


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, and process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.

Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks.

In this episode you'll learn:
- Why the attack chain incorporates legacy malware like NetSupport RAT
- The overlap between the Luma Stealer and Donarium malware families
- How Luma Stealer uses GitHub repositories and redirector networks to deliver malicious payloads

Some questions we ask:
- Can you explain how the malware uses the "image file execution objects" registry path?
- What role does Netcat play in this campaign's command and control?
- Why do people still mine cryptocurrency today, with all the complexities and attack methods?

Resources:
- View Kajhon Soyini on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- Connect with Sherrod and the team at RSAC

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of the N2K media network.
