March 16, 2024 at 09:21AM
Cybersecurity researchers discovered several GitHub repositories containing cracked software that were used to distribute the RisePro information stealer. The campaign, named gitgub, included 17 repositories, which the Microsoft-owned subsidiary has since taken down because of the threat. The RAR archive offered in each repository contains an installer file that deploys RisePro, a C++-based malware that targets sensitive data.
The key takeaways are as follows:
1. Researchers have discovered a malware campaign, codenamed “gitgub,” which involved 17 GitHub repositories associated with 11 different accounts.
2. The repositories offered cracked software and were used to distribute an information stealer called RisePro.
3. The campaign utilized GitHub’s interface to appear legitimate by displaying fake build statuses and recent dates in the README.md files.
4. The RAR archive files in the repositories contained an installer file which, when unpacked, injected RisePro malware into specific executable files.
5. RisePro, written in C++, gathers sensitive data from infected hosts and exfiltrates it to Telegram channels favored by threat actors.
6. The campaign is part of a trend in which stealer malware has become the primary vector for ransomware and high-impact data breaches.
7. Various other information-stealing malware families, such as Snake Keylogger, RedLine, Vidar, and Raccoon, have also emerged as widely used threats.
These insights reveal the evolving landscape of cyber threats and emphasize the importance of staying vigilant against increasingly accessible and adaptable stealers.