Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Italy: SYNLAB affected by cyber-attack
April 19, 2024
SYNLAB AG announces that SYNLAB Italy is affected by the consequences of a cyber-attack. As a precaution and in accordance with the SYNLAB IT security procedures, all IT systems in Italy have been immediately deactivated as soon as the attack was identified in the early morning of 18 April 2024. As a result of the incident, ...
- The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider
April 18, 2024
In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK. The popularity of the platform meant that at the time of the ...
- #StopRansomware: Akira Ransomware summary
April 18, 2024
Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines. As of January 1, 2024, the ransomware group has impacted over 250 ...
- How secret rise of zero-day brokers is causing worldwide security risks
April 18, 2024
Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely oblivious about. Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it ...
- Police bust global cyber gang accused of industrial-scale fraud
April 18, 2024
Police have taken down a gang accused of using a technology service that helped criminals use fraudulent text messages to steal from victims. They have arrested 37 people worldwide and are contacting victims. Officers say younger people who grew up with the internet were the most likely to fall for the “phishing” scam. The technology allowed ...
- SoumniBot: the new Android banker’s unique techniques
April 17, 2024
The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we ...