Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Earth Preta’s Cyberespionage Campaign Hits Over 200
March 27, 2023
Through extensive analysis and as of this writing, we discovered over 200 victims, leading to a wider intelligence analysis of the groups’ goals, different operation groups, and tactics, techniques, and procedures (TTPs). Our study aimed at understanding the different phases and facets involved in this operation, shedding light on the motives and techniques used by ...
- How scammers employ IPFS for email phishing
March 27, 2023
The idea of creating Web 3.0 has been around since the end of 2000s. The new version of the world wide web should repair the weak points of Web 2.0., some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment, where a massive leak ...
- Emotet malware distributed as fake W-9 tax forms from the IRS
March 26, 2023
A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. Emotet is a notorious malware infection distributed through phishing emails that in the past contained Microsoft Word and Excel documents with malicious macros that install the malware. Read more… Source: Bleeping Computer
- Business Email Compromise Tactics Used to Facilitate the Acquisition of Commodities and Defrauding Vendors
March 24, 2023
The FBI warns the public of criminal actors using Business Email Compromise (BEC) schemes to facilitate the acquisition of a wide range of commodities. BEC is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional. In many BEC scams, ...
- GRS Roadstone warns staff following cyber attack
March 23, 2023
Construction materials giant GRS Roadstone is writing to employees warning them to check their bank accounts following a major cyber attack. The firm – which employs 800 people – was hit by a “sophisticated cyber-incident” last year which saw data relating to current and former employees copied from its systems and leaked online. Read more… Source: Construction Enquirer
- FBI Internet Crime Complaint Center Releases 2022 Statistics
March 22, 2023
In the recently released 2022 Internet Crime Report produced by the FBI’s Internet Crime Complaint Center (IC3), the numbers confirm that cyber actors continue to plague Americans by targeting U.S. networks, attacking critical infrastructure, holding our money and data for ransom, facilitating large-scale fraud schemes, and threatening our national security. IC3 received a total of ...