July 29, 2024 at 03:42AM Stargazer Goblin operates a network of inauthentic GitHub accounts, distributing malware and earning $100,000 in illicit profits. The “Ghost” accounts engage in various activities to appear legitimate, making them resistant to takedowns. The scheme propagates malware families such as Atlantida Stealer and involves social engineering attacks, targeting GitHub repositories and … Read more
March 25, 2024 at 07:07AM The attacker used multiple techniques, such as distributing harmful dependencies through a fake Python infrastructure associated with GitHub projects. Based on the meeting notes, it appears that the attacker used multiple techniques, such as distributing malicious dependencies through a fake Python infrastructure connected to GitHub projects. This suggests a sophisticated … Read more
January 11, 2024 at 10:53AM GitHub’s widespread usage in IT has made it an attractive option for threat actors to host and deliver malicious content, acting as dead drop resolvers, command-and-control, and data exfiltration points. The platform is used for various malicious activities, including payload delivery and phishing, presenting challenges for traditional security defenses. Recorded … Read more
December 19, 2023 at 08:39AM Threat actors are using GitHub for malicious activities, including hosting malware and delivering malicious commands via secret Gists and git commit messages. The use of legitimate public services allows threat actors to bypass detection tools. These novel methods can blend malicious traffic with genuine communications, making it harder to detect … Read more