Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Money-making scripts attack organizations
October 19, 2023
In April of this year, the FBI published an advisory on attacks targeting government, law enforcement, and non-profit organizations. Attackers download scripts onto victims’ devices, delivering several types of malware all at once. The main aim is to utilize company resources for mining, steal data using keyloggers, and gain backdoor access to systems. According to Kaspersky ...
- Ransomware actor exploits unsupported ColdFusion servers – but comes away empty-handed
October 19, 2023
Servers are always a point of interest for threat actors as they are one of the most efficient attack vectors to penetrate an organization. Server-related accounts often have the highest privilege levels, making lateral movement to other machines in the network easily achievable. Sophos X-Ops has observed a wide variety of threats being delivered to ...
- Another InfoStealer Enters the Field, ExelaStealer
October 19, 2023
In 2023, the InfoStealer market is a reasonably crowded affair. The likes of RedLine, Raccoon, and Vidar own a significant market share, with new entrants such as SaphireStealer appearing frequently. The latest entry, ExelaStealer has now taken the field. Very little backstory is available on ExelaStealer, with the earliest public mentions FortiGuard Labs could locate ...
- Top crypto firms named in $1bn fraud lawsuit
October 19, 2023
US prosecutors have accused three high-profile cryptocurrency firms of defrauding investors of more than $1bn. New York Attorney General Letitia James said Gemini, a crypto exchange, had lied to customers about the risks of an investment account it offered, which paid high interest rates on crypto. Genesis, a crypto lender, and its parent company Digital Currency ...
- Hacker leaks millions more 23andMe user records on cybercrime forum
October 18, 2023
The same hacker who leaked a trove of user data stolen from the genetic testing company 23andMe two weeks ago has now leaked millions of new user records. On Tuesday, a hacker who goes by Golem published a new dataset of 23andMe user information containing records of four million users on the known cybercrime forum ...
- Government-backed actors exploiting WinRAR vulnerability
October 18, 2023
In recent weeks, Google’s Threat Analysis Group’s (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, which is a popular file archiver tool for Windows. Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders. A patch is now available, but many users still ...