Microsoft Confirms GitHub-Hosted Malware Infected Nearly a Million Devices
Microsoft has uncovered a large-scale malvertising campaign that used GitHub to distribute malware, infecting nearly a million devices. The attack, linked to pirate streaming sites, redirected users through multiple layers before delivering a GitHub-hosted dropper that stole system data and credentials. Microsoft has since removed the malicious repositories. Meanwhile, Red Hat has become a CVE numbering authority, and several critical vulnerabilities, including flaws in WhatsUp Gold and Hitachi Vantara software, are being actively exploited.
Cisco also warned of an old router vulnerability that remains unpatched. In other cybersecurity news, a Surfshark report revealed that top iOS phone cleaner apps share user data, the US House passed a bill to enforce vulnerability disclosure for federal contractors, AI-generated videos impersonated YouTube CEO Neal Mohan in a phishing scam, and Singapore is considering corporal punishment for scammers, highlighting Telegram’s role in cyber fraud.

Microsoft Confirms GitHub-Hosted Malware Infected Nearly a Million Devices
Microsoft has uncovered a large-scale cyberattack that used GitHub as a distribution platform for malware, compromising nearly a million devices. The attack, identified by Microsoft Threat Intelligence, relied on malicious advertising (malvertising) embedded in pirate streaming websites. These deceptive ads redirected users through multiple layers before leading them to a GitHub-hosted dropper. Once executed, the dropper deployed malware designed to extract sensitive system information and steal stored credentials. Microsoft has since taken down the infected repositories and issued security recommendations to prevent similar attacks in the future.
Major Cybersecurity Threats and Vulnerabilities
- Red Hat Becomes a CVE Numbering Authority
In a significant move for open-source security, Red Hat has been granted authority to assign Common Vulnerabilities and Exposures (CVEs). This means the company can officially identify and document security flaws in open-source software, enhancing the cybersecurity landscape for developers and enterprises relying on such technology.
- Actively Exploited Security Vulnerabilities
Several critical vulnerabilities have been flagged as actively exploited, posing serious risks to affected systems:
  - CVE-2024-4885 (CVSS Score: 9.8) – A remote code execution vulnerability in WhatsUp Gold (Progress Software) allows attackers to take control of affected systems remotely.
  - CVE-2022-43939 (CVSS Score: 9.8) – A security bypass flaw in Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2 allows unauthorized access to protected data.
  - CVE-2022-43769 (CVSS Score: 8.8) – An injection vulnerability in the same Hitachi software allows attackers to manipulate system properties through web services.
Additionally, Cisco has raised concerns about CVE-2023-20118, a security flaw in its small business routers that remains actively exploited. However, Cisco has chosen not to release a patch, citing the outdated nature of the affected hardware. Users are instead advised to upgrade to newer models, though this decision raises concerns about long-term security support for older networking devices.
Other Notable Cybersecurity Developments
- Phone Cleaner Apps Found to Harvest User Data
A recent study by cybersecurity firm Surfshark has revealed that popular phone cleaner apps, particularly on iOS, collect and share extensive user data with third parties. These apps, which claim to optimize device performance by removing junk files, actually gather sensitive information such as user IDs, location data, purchase history, and device interactions. This data is often resold to advertisers and data brokers, raising major privacy concerns. Experts recommend avoiding these apps and instead using built-in system tools for device maintenance.
- US House Passes Cybersecurity Bill for Federal Contractors
The US House of Representatives has approved a bill that mandates cybersecurity vulnerability disclosure policies for federal contractors. Under this legislation, any contractor with agreements worth over $225,000—or those managing federal information systems—must implement security measures to report and address vulnerabilities. The move aims to close a critical gap in national cybersecurity defenses. While similar bills were previously introduced but stalled, the recent passage suggests a stronger push for cybersecurity regulations at the federal level.
- AI-Generated Scam Targets YouTube Creators
Scammers have used artificial intelligence to generate deepfake videos impersonating YouTube CEO Neal Mohan in an attempt to phish content creators. Fraudsters sent private YouTube videos claiming to announce changes to the platform’s monetization policies, tricking users into clicking malicious links or providing personal information. Google has since warned creators to avoid engaging with private videos that claim to be official YouTube communications, emphasizing that legitimate updates will never be shared through such methods.
- Singapore Considers Harsh Punishments for Scammers
In response to rising cyber fraud cases, Singapore’s government is exploring the introduction of corporal punishment for scammers. Minister of State for Home Affairs Sun Xueling acknowledged the severity of scam-related crimes and suggested adding caning as a legal punishment alongside long prison sentences. The move follows a troubling surge in online scams, with Singaporeans losing over $1.1 billion in 2024. Telegram has been singled out as a major platform for scam-related activities, with reported cases nearly doubling last year. The government is now considering stricter regulations to curb fraudulent activities on the messaging app.
Conclusion
The cybersecurity landscape continues to evolve, with new threats emerging regularly. From large-scale malware attacks leveraging GitHub to data-harvesting apps and AI-powered scams, individuals and businesses must remain vigilant. Microsoft’s swift action in removing malicious repositories, legislative efforts to improve security, and heightened awareness of cyber risks are all steps in the right direction. However, as cybercriminals develop more sophisticated methods, stronger preventive measures and timely security updates will be essential in mitigating risks.