Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Cybercriminals Are Making, and Demanding, More Money Than Ever
March 17, 2021
Ransomware is one of the top threats in cybersecurity and a focus area for Palo Alto Networks. The global threat intelligence team (Unit 42) and incident response team (The Crypsis Group) have partnered to create the 2021 Unit 42 Ransomware Threat Report to provide the latest insights on the top ransomware variants, ransomware payment trends ...
- New Mirai Variant Targeting Network Security Devices
March 15, 2021
On Feb. 23, 2021, one of the IPs involved in the attack was updated to serve a Mirai variant leveraging CVE-2021-27561 and CVE-2021-27562, mere hours after vulnerability details were published. On March 3, 2021, the same samples were served from a third IP address, with the addition of an exploit leveraging CVE-2021-22502. Furthermore, on March ...
- COVID-19: Examining the threat landscape a year later
March 15, 2021
A year ago — everything changed. In an effort to stem the tide of a rapidly spreading pandemic, the world shut down. Shops were forced to shut their doors, and whole countries were placed on stringent lockdowns. Schools were closed around the world, with more than one billion children affected, and the vast majority of ...
- REvil Group Claims Slew of Ransomware Attacks
March 12, 2021
The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the U.S.; as well as two ...
- Threat Assessment: DearCry Ransomware
March 12, 2021
Last week, Microsoft reported that attackers compromised Exchange Mail Servers with the use of four zero-day vulnerabilities. While patches have been released by Microsoft, adversaries are still attacking vulnerable versions of Microsoft Exchange Servers with malicious tools, malware and data exfiltration. Further, Microsoft has confirmed the existence of a ransomware variant leveraging these vulnerabilities, which ...
- No Laughing Matter: Joker’s Latest Ploy
March 12, 2021
Joker reveals more tricks up its sleeves: new malicious Android apps that, like in past schemes, subscribe users to premium services without their consent. Joker (a.k.a. Bread) is one of the most persistent malware families that continually targets Android devices. The malware entered the scene in 2017, and by early 2020, Google has removed more than ...