July 25, 2024 at 07:09AM
A threat actor known as Stargazer Goblin has built a network of over 3,000 GitHub accounts to distribute malware and perform malicious activities. Operating since August 2022, the network has earned over $100,000. The accounts, collectively named Stargazers Ghost Network, distribute information-stealing malware and use various tactics to evade detection and takedowns by GitHub.
After carefully reviewing the meeting notes, I have identified the following key takeaways:
1. A threat actor known as Stargazer Goblin has established a network of over 3,000 GitHub accounts to distribute malware and conduct malicious activities, generating revenue of over $100,000 since the network’s inception.
2. The network, referred to as the Stargazers Ghost Network by Check Point, has been observed distributing information-stealing malware such as Atlantida Stealer, Lumma Stealer, Rhadamanthys, RisePro, and RedLine.
3. Stargazer Goblin leverages a distribution-as-a-service (DaaS) operation, where victims are lured to phishing repositories containing malicious links and content.
4. Automation is employed to create phishing templates targeting various social platforms, while multiple GitHub accounts are used to legitimize the distribution of malicious links.
5. The network demonstrates a high degree of flexibility and adaptability by distributing responsibilities across multiple accounts to minimize disruptions and swiftly adapt to the suspension of accounts or repositories.
6. Check Point identified that the Ghost accounts within the network have different roles, including repository-phishing, commit-link, Stargazer, and others, ensuring the continuity of the network’s operations even if some accounts are banned or compromised.
7. The network’s reach extends beyond GitHub, as Check Point believes that it also includes Ghost accounts on various other platforms such as Twitter, YouTube, Discord, Instagram, and Facebook, forming a larger ecosystem for the DaaS operation.
8. Check Point highlights the increased sophistication in malware distribution, where future ghost accounts powered by AI could lead to more targeted and challenging-to-distinguish malicious campaigns.
These clear and actionable takeaways provide essential insights into the operations and tactics of Stargazer Goblin’s malicious network, as well as the broader implications for cybersecurity in the face of increasingly sophisticated threat actors.