Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Filch Stealer: A new infostealer leveraging old techniques
June 16, 2025
In recent weeks, Rapid7 has observed an increased volume of incidents involving domains generated by domain generation algorithms (DGAs). DGAs are a known technique leveraged by malware authors to quickly create a large number of domain names, which will point to command and control (C2) servers operated by the attackers. Observed domains shared multiple commonalities such ...
- Europe-wide takedown hits longest-standing dark web drug market
June 16, 2025
Law enforcement authorities across Europe have dismantled ‘Archetyp Market’, the most enduring dark web marketplace, following a large-scale operation involving six countries, supported by Europol and Eurojust. Between 11 and 13 June, a series of coordinated actions took place across Germany, the Netherlands, Romania, Spain, Sweden, targeting the platform’s administrator, moderators, key vendors, and technical infrastructure. ...
- WestJet investigating possible cyberattack
June 16, 2025
WestJet has apparently suffered a cyberattack which has disrupted some of its services, including impacting the airline’s website and mobile app. The company confirmed the news in a security advisory posted on its website, noting, “WestJet is aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users.” ...
- Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper
June 13, 2025
A new ransomware-as-a-service (RaaS) group has emerged and has been making a name for itself in 2025. Anubis is a recently identified group that sets itself apart by partnering encryption with more destructive capabilities—wiping directories which severely impact chances of file recovery. Given its brief history and use of a multi-layered extortion model, Anubis has all ...
- MyCert: Malaysia data breaches up 29% in Q1 2025
June 11, 2025
The Malaysia Computer Emergency Response Team (MyCert) reported an increase in data breach incidents in Malaysia in the first quarter of the year. “Data breach incidents are growing in Malaysia with a nearly 29% increase this quarter, underscoring the need for better security measures to ensure national security and public trust,” said MyCert. According to its ...
- US government’s vaccine website defaced with AI-generated content
June 11, 2025
A U.S. government website designed to inform the public about vaccines has been defaced and now hosts apparently AI-generated spam. The domain, which belongs to the U.S. Department of Health and Human Services (HHS), appears to have been hosting the same kind of content — mostly gay-themed and LGBTQ+ posts — since at least May 12, ...