GitHub comments abused to push password stealing malware masked as fixes

September 1, 2024 at 09:08AM GitHub is being misused to distribute the Lumma Stealer information-stealing malware through fake fixes shared in project comments. This is a serious security concern that …

Gitloker attacks abuse GitHub notifications to push malicious OAuth apps

June 10, 2024 at 06:25PM Threat actors are impersonating GitHub’s teams in phishing attacks, aiming to hijack repositories using malicious OAuth apps. These attackers have been targeting developers with fake job offers or security alerts via phishing emails and redirecting them to fake GitHub landing pages, leading to compromised accounts and wiped repositories. GitHub advises …

GitLab affected by GitHub-style CDN flaw allowing malware hosting

April 22, 2024 at 11:10AM Threat actors are exploiting a GitHub and GitLab flaw to distribute malware via URLs associated with legitimate repositories, creating convincing lures. This issue also affects GitLab, allowing malware to be pushed via comments. Examples show how malware files were made to appear linked to reputable organizations. The flaw remains unaddressed …

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

April 21, 2024 at 05:15AM A new information stealer using Lua bytecode was found by McAfee Labs, identified as a variant of RedLine Stealer. It targets cryptocurrency wallets, VPN software, and web browsers, spreading through GitHub by masquerading as game cheats. The malware functions as a backdoor, exfiltrating data to its command-and-control server. It’s part …

GitHub comments abused to push malware via Microsoft repo URLs

April 20, 2024 at 05:07PM Threat actors are exploiting a GitHub flaw to distribute malware through URLs connected to a Microsoft repository, giving the files an appearance of legitimacy. This vulnerability can be abused with any public repository on GitHub, allowing for convincing lures. Despite attempts by McAfee and others to address this issue, the …

So, are we going to talk about how GitHub is an absolute boon for malware, or nah?

January 12, 2024 at 08:22AM GitHub’s popularity presents challenges and opportunities. Its appeal to developers worldwide makes it difficult to block, benefitting dissidents but posing security risks. Despite being relatively immune to Chinese censorship, it is abused for malware distribution. GitHub’s advantages and disadvantages make it a complex platform for both legitimate and malicious activities. …

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

January 11, 2024 at 10:53AM GitHub’s widespread usage in IT has made it an attractive option for threat actors to host and deliver malicious content, acting as dead drop resolvers, command-and-control, and data exfiltration points. The platform is used for various malicious activities, including payload delivery and phishing, presenting challenges for traditional security defenses. Recorded …

Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts

December 19, 2023 at 08:39AM Threat actors are using GitHub for malicious activities, including hosting malware and delivering malicious commands via secret Gists and git commit messages. The use of legitimate public services allows threat actors to bypass detection tools. These novel methods can blend malicious traffic with genuine communications, making it harder to detect …

Unsung GitHub Features Anchor Novel Hacker C2 Infrastructure

December 19, 2023 at 07:35AM Cybersecurity research uncovers an individual, “Yeremy,” misusing GitHub to host stage-two malware by exploiting “gists” and commits, evading detection. Hackers are increasingly leveraging public service platforms, like GitHub, for their illicit activities due to their access, lack of scrutiny, and minimal effort required. This tactic offers a stealth advantage over …