Sign up to save your podcasts
Or
Share Malvertising Campaign Leads to Info Stealers Hosted on Github
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Malvertising Campaign Leads to Info Stealers Hosted on Github
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.
Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks.
In this episode you’ll learn:
Some questions we ask:
Resources:
View Kajhon Soyini on LinkedIn
View Sherrod DeGrippo on LinkedIn
Connect with Sherrod and the team at RSAC
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
View all episodes
By Microsoft
5
1919 ratings
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.
Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks.
In this episode you’ll learn:
Some questions we ask:
Resources:
View Kajhon Soyini on LinkedIn
View Sherrod DeGrippo on LinkedIn
Connect with Sherrod and the team at RSAC
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
More shows like Microsoft Threat Intelligence Podcast
View all
Security Now (Audio)
1,972 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
CyberWire Daily
1,007 Listeners
Smashing Security
311 Listeners
Click Here
400 Listeners
Malicious Life
927 Listeners
Darknet Diaries
7,864 Listeners
Cybersecurity Today
171 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
315 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
129 Listeners
Risky Bulletin
33 Listeners