Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Canada labels India a ‘cyber adversary’ in new security report
November 1, 2024
India has been described as an adversary for the first time in an official Canadian government document. That description came in the National Cyber Threat Assessment 2025-2026 released by the Canadian Centre for Cyber Security, on Tuesday. In its section on cyber threat from “state adversaries”, it includes China, Russia, Iran, North Korea and India. In ...
- Telematics giant Microlise suffers cyber attack
November 1, 2024
Telematics giant Microlise suffers cyber attack By Gareth Roberts | 1 November 2024 Connected vehicles Microlise has suffered a cyber attack, with a large proportion of the company’s services affected, leaving fleets without some tracking services. The Microlise board says it has appointed external cyber security specialists whose investigations are underway to establish the nature and ...
- UK: Council website back online after cyber attack
November 1, 2024
Burnley Council website is back online after being disrupted by a cyber attack yesterday afternoon. Services across numerous councils in the North West, including Tameside Council and Salford City Council were targeted with a Distributed Denial of Service attack (DDoS). IT teams have now successfully restored the website, and no data has been compromised. Read more… Source: MSN ...
- Phish ’n’ Ships Fakes Online Shops to Steal Money and Credit Card Information
October 31, 2024
HUMAN’s Satori Threat Intelligence and Research team recently uncovered and disrupted a sprawling fraud operation centered on fake web shops that abuse digital payment providers to steal consumers’ money and credit card information. The threat, dubbed Phish ’n’ Ships, is made up of hundreds of fake web shops offering in-demand items. The threat actors, whose internal ...
- Loose-lipped neural networks and lazy scammers
October 31, 2024
One topic being actively researched in connection with the breakout of LLMs is capability uplift – when employees with limited experience or resources in some area become able to perform at a much higher level thanks to LLM technology. This is especially important in information security, where cyberattacks are becoming increasingly cost-effective and larger-scale, causing ...
- Android malware FakeCall intercepts your calls to the bank
October 31, 2024
An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The default call handler app is responsible for managing ...