Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns
April 9, 2025
Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025. In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated ...
- Hackers to Target Elon Musk For a ‘Full Month’
April 8, 2025
A group of hackers that previously targeted President Donald Trump has pledged to take aim at Elon Musk for the next month. DonRoad Team, which previously claimed responsibility for taking down several Trump-associated websites, announced Monday it would begin hitting sites linked to Elon Musk. Elon Musk has increasing become a target of backlash as a result ...
- Attackers distributing a miner and the ClipBanker Trojan via SourceForge
April 8, 2025
Recently, Kaspersky researchers noticed a rather unique scheme for distributing malware that exploits SourceForge, a popular website providing software hosting, comparison, and distribution services. The site hosts numerous software projects, and anyone can upload theirs. One such project, officepackage, on the main website sourceforge. net, appears harmless enough, containing Microsoft Office add-ins copied from a legitimate ...
- 2025 Ransomware: Business as Usual, Business is Booming
April 8, 2025
Getting an edge on your adversaries involves understanding their behaviors and their mindset. Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack surface against ransomware. The data highlights ...
- Kellogg’s leaks sensitive data after Clop attack
April 8, 2025
WK Kellogg, the company behind the Kellogg’s cereals, has been hit by a major data breach. Cybercriminals from the ransomware group Clop exploited a vulnerability in the software of an external supplier, stealing employees’ personal data. The data breach took place in December 2024, when data was stolen from the file transfer service Cleo. At the ...
- Musk cuts US cyber defences against Russia, increasing threats to UK
April 7, 2025
The Pentagon cyber unit that helps counter threats from Russia has had part of its funding cut. US Cyber Command (USCC), which is charged with defending US military networks, has been ordered to axe contract dealings with private-sector partners, and freeze recruitment. The shock move could have a major impact on Britain’s ability to defend itself ...