Hackers abuse popular Godot game engine to infect thousands of PCs

November 27, 2024 at 04:19PM

Hackers have leveraged the GodLoader malware to exploit the Godot game engine, infecting over 17,000 systems in under three months. Utilizing GDScript, they bypass detection and deliver malicious payloads via GitHub repositories. The attackers operate through the Stargazers Ghost Network, targeting gamers across multiple platforms while evading antivirus tools. …

New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram

September 12, 2024 at 01:12PM

Bank customers in Central Asia are under threat from a new Android malware named Ajina.Banker, aimed at stealing financial information and thwarting two-factor authentication. The malware is distributed through Telegram channels and targets countries such as Armenia, Azerbaijan, and Russia. The attackers use localized promotions and themed messages to maximize …

‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names

September 4, 2024 at 04:43PM

Security researchers have discovered a concerning method for attackers to distribute malicious payloads through the PyPI package repository. By re-registering a removed package with the same name, adversaries can pass off rogue packages as legitimate ones. This “Revival Hijack” method poses a clear threat, with 120,000 abandoned packages susceptible to …

GitHub comments abused to push password stealing malware masked as fixes

September 1, 2024 at 09:08AM

GitHub is being misused to distribute the Lumma Stealer information-stealing malware through fake fixes shared in project comments. This is a serious security concern that …

US Unseals Charges Against Three Eastern Europeans Over Ransomware, Malvertising

August 13, 2024 at 11:36AM

A Belarusian and Ukrainian dual-national, Maksim Silnikau, was extradited from Poland to the US where he faces charges for distributing malware, scams, and ransomware. His indictments include involvement in malvertising schemes distributing the Angler exploit kit and creating the Ransom Cartel ransomware, with potential penalties of up to 20 years …

‘Stargazer Goblin’ Creates 3,000 Fake GitHub Accounts for Malware Spread

July 29, 2024 at 03:42AM

Stargazer Goblin operates a network of inauthentic GitHub accounts, distributing malware and earning $100,000 in illicit profits. The “Ghost” accounts engage in various activities to appear legitimate, making them resistant to takedowns. The scheme propagates malware families such as Atlantida Stealer and involves social engineering attacks, targeting GitHub repositories and …

CrowdStrike ‘Updates’ Deliver Malware & More as Attacks Snowball

July 25, 2024 at 04:56PM

Cybercriminals are using last week’s CrowdStrike outage to launch social engineering attacks on the security vendor’s customers. These targeted phishing activities are more copious and focused than typical news-related attacks. The attackers masquerade as the company itself, technical support, or rival companies to gain access to affected organizations. They also …

Network of 3,000 GitHub Accounts Used for Malware Distribution

July 25, 2024 at 07:09AM

A threat actor known as Stargazer Goblin has built a network of over 3,000 GitHub accounts to distribute malware and perform malicious activities. Operating since August 2022, the network has earned over $100,000. The accounts, collectively named Stargazers Ghost Network, distribute information-stealing malware and use various tactics to evade detection …

Over 3,000 GitHub accounts used by malware distribution service

July 24, 2024 at 06:01PM

Stargazer Goblin operates a malware Distribution-as-a-Service on GitHub through a network named Stargazers Ghost Network. The group utilizes fake accounts and compromised sites to distribute password-protected archives containing malware, leading to successful phishing attacks. The operation has generated over $100,000 and continues despite the takedown of some repositories. Users visiting …

‘Stargazer Goblin’ Amasses Rogue GitHub Accounts to Spread Malware

July 24, 2024 at 04:38PM

A threat actor named “Stargazer Goblin” is using a new tactic to distribute malware by leveraging GitHub. They use a large network of inauthentic accounts to make malicious repositories appear legitimate. The operation involves starring, forking, and subscribing to the repositories to make them seem credible. The group also distributes …