Microsoft reported a malicious ad campaign discovered last December that “affected nearly a million devices worldwide in an information-stealing attack,” according to PCMag.com. The attack affected a wide range of organizations, including both consumer and enterprise devices, indicating that it was indiscriminate, the company noted.
Microsoft’s security team tracked the infection of two pirated video services, movies7 and 0123movie, whose ads redirected users to fraudulent tech support sites, which then redirected them to Discord, Dropbox, and GitHub pages hosting malware.
Microsoft did not specify how the fraudulent sites lured users into downloading the programs, which were disguised malware capable of stealing system information or even taking remote control of the user’s computer.
To disguise themselves, the hackers used signed software certificates while initially delivering some legitimate files. “As of mid-January 2025, discovered stage one downloads were digitally signed using a newly created certificate. A total of twelve different certificates were identified, all of which have been revoked,” Microsoft said.
The attack was designed to deliver malware that would collect information about the PC and send it to the cybercriminals’ server. It could also allow the hackers to install additional malware on the computer to spy on “browsing activity and interact with the active browser instance,” including Firefox, Chrome and Edge, Microsoft said.
GitHub, Discord, and Dropbox have already removed the pages that hosted the malware, according to PCMag. Microsoft also noted that Windows’ built-in Microsoft Defender can detect and flag the malware used in the hack.