Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Ransomware payments drop to record low, even as attacks surge
February 27, 2026
Ransomware groups have never been this active, but have also never extorted this little money, new research has claimed. Market analysts Chainalysis found the number of ransomware incidents in 2025 rose by 50% compared to the previous year, earning criminals $820 million – although this number may still rise as more incidents are attributed to ransomware ...
- New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises
February 26, 2026
It’s hard to overstate the role that Wi-Fi plays in virtually every facet of life. The organization that shepherds the wireless protocol says that more than 48 billion Wi-Fi-enabled devices have shipped since it debuted in the late 1990s. New research shows that behaviors that occur at the very lowest levels of the network stack make ...
- Conduent data breach gets bigger, more than 25 million people across the US are now affected
February 26, 2026
A ransomware attack that caused a massive data breach for one of the largest government contractors in the U.S. keeps expanding. In early February, it was reported that 10 million people were impacted by the Conduent breach a year after it was discovered. Now though, it’s been revealed that the breach may affect more than 25 ...
- North Korea’s Lazarus Group targets healthcare orgs with Medusa ransomware
February 24, 2026
North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and Carbon Black threat hunters. The US healthcare attempt failed, while the Middle East organization was ...
- Fake Zoom meeting “update” silently installs surveillance software
February 24, 2026
A fake Zoom meeting website is silently pushing surveillance software onto Windows machines. Visitors land on a convincing imitation of a Zoom video call. Moments later, an automatic “Update Available” countdown downloads a malicious installer—without asking for permission. The software being installed is a covert build of Teramind, a commercial monitoring tool companies use to record ...
- Australia: Cyber attack takes major chicken processor Hazeldenes offline leaving businesses without meat
February 23, 2026
A cyber attack at major chicken meat processor Hazeldenes in central Victoria has led it to shutdown its wi-fi system on site, and a shortage of chicken at pubs and butchers across the state. Retail and industry have told the ABC that the chicken meat processor has been unable to fill some orders because it cannot ...