Microsoft Threat Intelligence Podcast

Malvertising Campaign Leads to Info Stealers Hosted on Github

Listen Later

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.  

Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks. 



In this episode you’ll learn:      

  • Why the attack chain incorporates legacy malware like NetSupport RAT 
  • The overlap between the Luma Stealer and Donarium malware families 
  • How Luma Stealer uses GitHub repositories and redirector networks to deliver malicious payloads 

    •  

    Some questions we ask:     

      

    • Can you explain how the malware uses the “image file execution objects” registry path? 
    • What role does Netcat play in this campaign’s command and control? 
    • Why do people still mine cryptocurrency today, with all the complexities and attack methods? 

      •  

      Resources:  

      View Kajhon Soyini on LinkedIn  

      View Sherrod DeGrippo on LinkedIn  

      Connect with Sherrod and the team at RSAC 

       

      Related Microsoft Podcasts:                   

      • Afternoon Cyber Tea with Ann Johnson 
      • The BlueHat Podcast 
      • Uncovering Hidden Risks     

         

        Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

         

        Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

         

         

        The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

        ...more
        View all episodesView all episodes
        Download on the App Store
        Microsoft Threat Intelligence PodcastBy Microsoft
        • 5
        • 5
        • 5
        • 5
        • 5

        5

        22 ratings

        More shows like Microsoft Threat Intelligence Podcast

        View all
        Hacked by Hacked

        Hacked

        188 Listeners

        Security Now (Audio) by TWiT

        Security Now (Audio)

        2,010 Listeners

        The Talk Show With John Gruber by Daring Fireball / John Gruber

        The Talk Show With John Gruber

        3,145 Listeners

        Risky Business by Patrick Gray

        Risky Business

        372 Listeners

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

        651 Listeners

        CyberWire Daily by N2K Networks

        CyberWire Daily

        1,024 Listeners

        Smashing Security by Graham Cluley

        Smashing Security

        319 Listeners

        Click Here by Recorded Future News

        Click Here

        417 Listeners

        Darknet Diaries by Jack Rhysider

        Darknet Diaries

        8,056 Listeners

        Cybersecurity Today by Jim Love

        Cybersecurity Today

        181 Listeners

        Hacking Humans by N2K Networks

        Hacking Humans

        314 Listeners

        CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

        CISO Series Podcast

        189 Listeners

        Cyber Security Headlines by CISO Series

        Cyber Security Headlines

        140 Listeners

        Cyber Hack by BBC World Service

        Cyber Hack

        1,626 Listeners

        Risky Bulletin by risky.biz

        Risky Bulletin

        44 Listeners