Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Ex-CIA employee charged with leaking ‘Vault 7’ hacking tools to Wikileaks
June 18, 2018
A 29-year-old former CIA computer programmer who was charged with possession of child pornography last year has now been charged with masterminding the largest leak of classified information in the agency’s history. Joshua Adam Schulte, who once created malware for both the CIA and NSA to break into adversaries computers, was indicted Monday by the Department of Justice on 13 ...
- Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist
June 13, 2018
A cyberattack against Chile’s largest financial institution last month, which reportedly destroyed 9,000 workstations and 500 servers, was actually cover for a larger plot to compromise endpoints handling transactions on the SWIFT network. When the dust settled on the attacks, investigators said $10 million was stolen from Banco de Chile and funneled off to an account in Hong ...
- Zero-Day Flash Exploit Targeting Middle East
June 7, 2018
A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday. The Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by Adobe. Read more… Source: ThreatPost
- Targeted Spy Campaign Hits Russian Service Centers
June 7, 2018
A series of espionage attacks have been uncovered, targeted at service centers in Russia that provide maintenance and support for a variety of electronic goods. The payload is a commercial version of the Imminent Monitor tool, which is freely available for purchase as legitimate software. Its developers explicitly prohibit any usage of the tool in a malicious way ...
- VPNFilter Malware Impact Larger Than Previously Thought
June 6, 2018
Researchers say the impact of the VPNFilter malware discovered last month is larger than originally reported. On Wednesday, Cisco Talos researchers said they now believe the malware has infected twice the number of router brands than previously stated. They added that VPNFilter also delivers a more potent punch than they originally thought, and have identified a previously ...
- Prowli Malware Targeting Servers, Routers, and IoT Devices
June 6, 2018
After the discovery of massive VPNFilter malware botnet, security researchers have now uncovered another giant botnet that has already compromised more than 40,000 servers, modems and internet-connected devices belonging to a wide number of organizations across the world. Dubbed Operation Prowli, the campaign has been spreading malware and injecting malicious code to take over servers and websites around ...