Nearly 1 million Windows devices were targeted in recent months by a sophisticated “malvertising” campaign that surreptitiously stole login credentials, cryptocurrency, and other sensitive information from infected machines, Microsoft said.

The campaign began in December, when the attackers, who remain unknown, seeded websites with links that downloaded ads from malicious servers. The links led targeted machines through several intermediary sites until finally arriving at repositories on Microsoft-owned GitHub, which hosted a raft of malicious files.

Ad blockers aren’t just convenient, they’re necessary for online safety. Install it on your family member’s devices