
Secretive network exploits GitHub to spread malware and phishing links — nefarious actors attack from 3,000 shadow accounts



A secret network of around 3,000 “ghost” accounts on GitHub has been discovered manipulating the code-hosting platform to promote malware and phishing links. Recent research conducted by cybersecurity firm Check Point exposed the activities of a cybercriminal the researchers have named “Stargazer Goblin.”

Since June 2023 or even earlier, Stargazer Goblin has been active on GitHub, the world’s largest open-source code repository. The site hosts millions of developers’ projects, and Stargazer Goblin has been using its community tools to boost malicious code repositories’ visibility and perceived legitimacy.

Antonis Terefos, a malware reverse engineer at Check Point who uncovered this network, highlighted the sophistication of the operation. He noted that while GitHub has been targeted by cybercriminals before, the scale and method of this operation are unprecedented.

Repositories and stars are bought and sold through a cybercrime-linked Telegram channel and various ********* marketplaces. Telegram is commonly used by cybercriminals, their clients, and their victims. Terefos said he has never seen this kind of network of fake accounts operating like this on GitHub.

The network, which Check Point calls the Stargazers Ghost Network, spreads malware disguised as legitimate tools for social media, gaming, and cryptocurrency applications. Some examples included code for running VPNs or licensing software like Photoshop. Such repositories target Windows users who are searching for free software online.

The network charges other hackers to use its services. Check Point has identified various types of malware distributed through this network, including the Atlantida Stealer, Rhadamanthys, and Lumma Stealer. Terefos discovered the network while digging into instances of the Atlantida Stealer.

Stargazer Goblin places ads on cybercrime forums, and its Telegram channel offers services such as 100 stars for $10 and 500 stars for $50. It also offers to clone existing repositories and provide trusted accounts. Check Point’s research indicates that the network may have started these activities as early as August 2022 and could have collected up to $100,000 since then. From mid-May to mid-June this year alone, the operator reportedly made around $8,000.

Terefos has observed legitimate repositories being hijacked and transformed into malicious ones using stolen credentials. The malicious code could be further propagated if legitimate users fork these compromised repositories. Automated tools help Terefos identify accounts linked to the network by recognizing common features, such as similar templates and tags.

When GitHub identifies an account supporting ******** malware campaigns, it disables those user accounts for violating its Acceptable Use Policies. Alexis Wales, vice president of security operations at GitHub, stated that the company has dedicated teams to detect and remove such content and accounts. These teams use a combination of manual reviews and at-scale detections using machine learning to identify suspicious behavior.

Unfortunately, GitHub is a gigantic target with over 100 million users and 420 million repositories. This makes it relatively easy for cybercriminals to hide within the user base, like a grain of sand on the beach.

Jake Moore, global cybersecurity adviser at security firm Eset, warned GitHub users about the risks of downloading malicious code. Indicators of malicious repositories include unexpected code changes, code accessing external resources, and hard-coded credentials or API keys.

Stargazer Goblin’s network might be even broader, as evidenced by an account sharing malicious links via videos. Terefos emphasizes that the full extent of the network’s operations is still not entirely known.
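The article says automated tools link accounts by common features such as similar templates and tags. The following is an added example of that idea, not Check Point's or GitHub's code: it groups repositories whose READMEs reduce to the same template and whose tags largely overlap. All repository names, tags, README text and thresholds are constructed assumptions.

```python
import re
from itertools import combinations

# Constructed sample metadata (not real repositories or accounts).
REPOS = [
    {"name": "ghost01/vpn-free", "tags": {"vpn", "free", "windows", "download", "2024"},
     "readme": "# Free VPN 2024\nDownload the latest release from https://example.invalid/a1 "
               "and unzip with password 2024. Run the installer on Windows."},
    {"name": "ghost02/photo-license", "tags": {"license", "free", "windows", "download", "2024"},
     "readme": "# Free License 2024\nDownload the latest release from https://example.invalid/b7 "
               "and unzip with password 1234. Run the installer on Windows."},
    {"name": "ghost03/game-tool", "tags": {"game", "free", "windows", "download", "2024"},
     "readme": "# Free Tool 2023\nDownload the latest release from https://example.invalid/c9 "
               "and unzip with password 9999. Run the installer on Windows."},
    {"name": "dev/http-client", "tags": {"http", "library", "python"},
     "readme": "# http-client\nA small HTTP client library. Install with pip and see the "
               "docs folder for usage examples and the changelog."},
]

def template_shingles(readme, k=3):
    """Reduce a README to its template: mask URLs and numbers, keep k-word shingles."""
    text = re.sub(r"https?://\S+", " URL ", readme.lower())
    text = re.sub(r"\d+", " N ", text)
    words = re.findall(r"[a-z]+|URL|N", text)
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets count as no overlap."""
    return len(a & b) / len(a | b) if a | b else 0.0

def linked_pairs(repos, readme_min=0.6, tags_min=0.5):
    """Pairs of repositories sharing both a README template and most of their tags."""
    sh = {r["name"]: template_shingles(r["readme"]) for r in repos}
    return [(a["name"], b["name"]) for a, b in combinations(repos, 2)
            if jaccard(sh[a["name"]], sh[b["name"]]) >= readme_min
            and jaccard(a["tags"], b["tags"]) >= tags_min]

def clusters(repos, **thresholds):
    """Merge linked pairs into groups (union-find); unlinked repositories are dropped."""
    parent = {r["name"]: r["name"] for r in repos}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b in linked_pairs(repos, **thresholds):
        parent[find(a)] = find(b)
    groups = {}
    for name in parent:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

Requiring both signals keeps a repository that merely shares popular tags, or that reuses a common README boilerplate, from being grouped on one weak match alone.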


