Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Naked photos and personal info from thousands of plastic surgery patients including dozens of celebrities and 1,500 Britons are published on the dark web
May 30, 2017
Hackers have published naked photos of thousands of plastic surgery patients who had work done at a Lithuanian clinic, it has been reported. Local authorities said more than 25,000 private photos and pieces of personal information from the Kaunas-based Grozio Chirurgija clinics were published on the internet. The leak includes intimate photos and data of more than ...
- Linguistic Analysis Suggests WannaCry Hackers Could be From Southern China
May 29, 2017
It’s been almost four weeks since the outcry of WannaCry ransomware, but the hackers behind the self-spread ransomware threat have not been identified yet. However, two weeks ago researchers at Google, Kaspersky Lab, Intezer and Symantec linked WannaCry to ‘Lazarus Group,’ a state-sponsored hacking group believed to work for the North Korean government. Now, new research from ...
- Fancy Bear Hackers Tainted Dumped Emails with False Data
May 27, 2017
Hackers from Fancy Bear, the espionage hacker group with Russian ties, reportedly snuck false information in the data trove they leaked from the Democratic National Committee during the American elections. According to a report from Citizen Lab, an organization with ties to the University of Toronto, the hackers planted information inside emails belonging to a journalist ...
- EternalRocks spreads seven Windows SMB exploits
May 23, 2017
Someone has stitched together seven of the Windows SMB exploits leaked by the ShadowBrokers, creating a worm that has been spreading through networks since at least the first week of May. Researcher Miroslav Stampar, a member of the Croatian government’s CERT, captured a sample of the worm last Wednesday in a Windows 7 honeypot he runs, ...
- Russian Cron Malware Operators Arrested Before Banking Malware Taken Abroad
May 23, 2017
With the help of an Android malware, Russian cyber criminals were able to steal from local bank customers and were planning to move their operation to the rest of Europe. Twenty people were arrested as law enforcement tried to kill off the “Cron” malware campaign. Russian security firm Group IB writes that the raids also thwarted ...
- Zomato Breach Exposes 17M User Records, Makes Deal with Hacker to Destroy Data
May 19, 2017
Restaurant guide Zomato has announced that it has been the victim of a data breach which saw the records of 17 million users being stolen from its database. The bad news is that 6.6 million of those are already on sale on a dark web marketplace. The good news is that the company has more ...