Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- EternalRocks spreads seven Windows SMB exploits
May 23, 2017
Someone has stitched together seven of the Windows SMB exploits leaked by the ShadowBrokers, creating a worm that has been spreading through networks since at least the first week of May. Researcher Miroslav Stampar, a member of the Croatian government’s CERT, captured a sample of the worm last Wednesday in a Windows 7 honeypot he runs, ...
- Russian Cron Malware Operators Arrested Before Banking Malware Taken Abroad
May 23, 2017
With the help of an Android malware, Russian cyber criminals were able to steal from local bank customers and were planning to move their operation to the rest of Europe. Twenty people were arrested as law enforcement tried to kill off the “Cron” malware campaign. Russian security firm Group IB writes that the raids also thwarted ...
- Zomato Breach Exposes 17M User Records, Makes Deal with Hacker to Destroy Data
May 19, 2017
Restaurant guide Zomato has announced that it has been the victim of a data breach which saw the records of 17 million users being stolen from its database. The bad news is that 6.6 million of those are already on sale on a dark web marketplace. The good news is that the company has more ...
- More Hacking Groups Found Exploiting SMB Flaw Weeks Before WannaCry
May 19, 2017
Since the Shadow Brokers released the zero-day software vulnerabilities and hacking tools – allegedly belonged to the NSA’s elite hacking team Equation Group – several hacking groups and individual hackers have started using them in their own way. The April’s data dump was believed to be the most damaging release by the Shadow Brokers till the ...
- Available Tools Making Dent in WannaCry Encryption
May 19, 2017
Tools are beginning to emerge that can be used to start the process of recovering files encrypted by WannaCry on some Windows systems. This takes on extra urgency because today marks one week from the initial outbreak, and files encrypted during that first wave are on the clock and close to being lost forever. Adrien Guinet, of ...
- Shadow Brokers teases more Windows exploits and cyberespionage data
May 16, 2017
A group of hackers that previously leaked alleged U.S. National Security Agency exploits claims to have even more attack tools in its possession and plans to release them in a new subscription-based service. The group also has intelligence gathered by the NSA on foreign banks and ballistic missile programs, it said. The Shadow Brokers was responsible for leaking ...