Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Victoria’s Secret pulls down website amid security incident
May 28, 2025
Clothing and lingerie retailer Victoria’s Secret suspended most of the functionality of its website and some in-store services to “address a security incident,” according to a statement posted to the company’s website on Wednesday. “We identified and are taking steps to address a security incident,” a Victoria’s Secret spokesperson told Reuters in an email on Wednesday. ...
- Zanubis in motion: Tracing the active evolution of the Android banking malware
May 28, 2025
Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets. The main infection vector of Zanubis is impersonating legitimate Peruvian Android applications and then misleading the user into enabling the accessibility permissions. Once ...
- Earth Lamia Develops Custom Arsenal to Target Multiple Industries
May 27, 2025
Trend Micro researchers have been tracking an active intrusion set that primarily targets organizations located in countries including Brazil, India, and Southeast Asia since 2023. The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations. The actor also takes advantage of various known vulnerabilities to ...
- Retail Under Siege: What Recent Cyber Attacks Tell Us About Today’s Threat Landscape
May 27, 2025
When several major UK organizations, including well-known retail brands, found themselves caught in a cyber attack earlier this year, it made headlines. But this incident wasn’t the first, and it won’t be the last. It reflects a growing trend where attackers exploit third-party vendors to breach multiple businesses through a single point of entry. In one ...
- Pakistan among least affected by web threats
May 25, 2025
At its annual Cyber Security Weekend for the Middle East, Turkiye and Africa (META) region, the Kaspersky Global Research and Analysis Team presented cybersecurity trends, including ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, artificial intelligence and IoT developments. The first quarter of 2025 showed that Turkiye and Kenya had the highest number of ...
- Adidas warns of consumer data breach
May 23, 2025
German sportswear maker Adidas said on Friday an unauthorised external party had obtained certain consumer data through a third-party customer service provider albeit not passwords or credit card data. “We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts,” the company said in a statement. Read more… Source: MSN ...