web analytics

GitHub Network Fuels Malware Distribution Operation – Source: www.databreachtoday.com

Rate this post

Source: www.databreachtoday.com – Author: 1

Cybercrime
,
Fraud Management & Cybercrime

Threat Actors Profit from GitHub’s Inauthentic Accounts Network

Prajeet Nair (@prajeetspeaks) •
July 29, 2024    

GitHub Network Fuels Malware Distribution Operation
A threat actor dubbed “Stargazer Goblin” uses a network of GitHub repositories to distribute malware. (Image: Shutterstock)

Hackers apparently stymied by improved network detection of malware are turning to fake GitHub repositories to host malicious links and archives embedded with viruses.

See Also: How to Build Your Cyber Recovery Playbook

Security researchers at Check Point say they’ve identified a network of more than 3,000 accounts used to distribute malware through multiple repositories that belong to a threat actor the firm christened “Stargazer Goblin.” The hacking group likely earned about $100,000 over its lifespan, Check Point estimates.

Researchers said that Stargazer Goblin delivers a swath of malware, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer and RedLine. The network first came into existence in August 2022. It began as a smaller-scale project, gradually expanding to its current size.

The threat actor is a step beyond hackers who merely use GitHub repositories to host malicious code. Stargazer Goblin uses its vast network to give accounts a veneer of peer approval, awarding repositories virtual stars, adding themselves as watchers are creating supposed forks. When relying on an URL for downloading malware onto victim machines, the threat actor also points to another malicious repository or a legitimate-seeming external website such as Discord.

“Traditional methods of malware distribution via emails containing malicious attachments are heavily monitored, and the general public has become more aware of these tactics,” Check Point wrote by way of explanation for the mounting interest in GitHub as a malware distributor. Not all hackers have given up on email, of course (see: Email Gateway Security Gaps Enable New Malware Tactics).

Besides using its network to self-referentially build confidence in malicious repositories, Stargazer Goblin uses repositories to keep its malware delivery system resilient in the face of takedowns, Check Point said.

By using one repository to host a download link that points to another repository – and additional repositories to host other pieces of the operation such as phishing templates – the threat actor can “quickly ‘fix’ any broken links that may occur due to accounts or repositories being banned for malicious activities.”

Check Point Research also highlighted the network’s maintenance and recovery processes. When accounts or repositories are banned, Stargazer Goblin swiftly updates links and creates new accounts, ensuring continued operations.

Original Post url: https://www.databreachtoday.com/github-network-fuels-malware-distribution-operation-a-25877

Category & Tags: –

Views: 11

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post