Sign up to save your podcasts
Or
Share Malvertising Campaign Leads to Info Stealers Hosted on Github
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Malvertising Campaign Leads to Info Stealers Hosted on Github
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.
Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks.
In this episode you’ll learn:
Some questions we ask:
Resources:
View Kajhon Soyini on LinkedIn
View Sherrod DeGrippo on LinkedIn
Connect with Sherrod and the team at RSAC
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
View all episodes
By Microsoft
5
2121 ratings
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.
Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks.
In this episode you’ll learn:
Some questions we ask:
Resources:
View Kajhon Soyini on LinkedIn
View Sherrod DeGrippo on LinkedIn
Connect with Sherrod and the team at RSAC
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
More shows like Microsoft Threat Intelligence Podcast
View all
Risky Business
364 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
639 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
369 Listeners
Hacked
180 Listeners
CyberWire Daily
1,012 Listeners
Smashing Security
316 Listeners
Click Here
405 Listeners
Darknet Diaries
7,962 Listeners
Cybersecurity Today
174 Listeners
CISO Series Podcast
190 Listeners
Hacking Humans
316 Listeners
Defense in Depth
77 Listeners
Cyber Security Headlines
128 Listeners
Risky Bulletin
43 Listeners
Hacker And The Fed
169 Listeners