Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

September 2, 2024 at 12:24AM Developers of Roblox are being targeted by a persistent campaign that uses fake npm packages to compromise systems, mimicking the popular ‘noblox.js’ library. Attackers employ brandjacking and starjacking to give a facade of legitimacy. Malicious packages steal data and deploy malware, with the end goal being to deploy Quasar RAT …

Malicious Visual Studio projects on GitHub push Keyzetsu malware

April 10, 2024 at 10:21AM Threat actors are exploiting GitHub automation features to distribute a variant of the “Keyzetsu” clipboard-hijacking malware via fake repositories named after popular topics. They use GitHub Actions to boost rankings and create fake accounts to add false popularity. The malware, hidden in Visual Studio projects, aims to steal cryptocurrency payments …

Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

April 10, 2024 at 09:15AM Threat actors are leveraging GitHub’s search feature to dupe users into downloading malicious code by creating fake repositories with popular names. The attackers manipulate search rankings and use fake stars to deceive users. Researchers warn of the ongoing threat to the open-source ecosystem and emphasize the need for caution when …

Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub

March 13, 2024 at 06:21AM A recent phishing campaign has been detected distributing remote access trojans (RAT) like VCURMS and STRRAT through a malicious Java-based downloader. The attackers are utilizing public services like AWS and GitHub to store malware and employing a Proton Mail email address for communication with a command-and-control server. The campaign includes …

So, are we going to talk about how GitHub is an absolute boon for malware, or nah?

January 12, 2024 at 08:22AM GitHub’s popularity presents challenges and opportunities. Its appeal to developers worldwide makes it difficult to block, benefitting dissidents but posing security risks. Despite being relatively immune to Chinese censorship, it is abused for malware distribution. GitHub’s advantages and disadvantages make it a complex platform for both legitimate and malicious activities. …

Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts

December 19, 2023 at 08:39AM Threat actors are using GitHub for malicious activities, including hosting malware and delivering malicious commands via secret Gists and git commit messages. The use of legitimate public services allows threat actors to bypass detection tools. These novel methods can blend malicious traffic with genuine communications, making it harder to detect …