A new phishing campaign has recently been discovered that uses GitHub to deliver Remote Access Trojans (RAT) STRRAT and Vcurms via a malicious Java downloader. ANY.RUN specialists have detected the active spread of these malicious programs and warn users against potential threats.
Short About STRRAT and Vcurms
STRRAT is a Java-based RAT, notorious for its… Continue reading STRRAT and Vcurms Malware Abuse GitHub for Spreading
Tag: GitHub
RepoJacking Attacks Could Threaten Millions of GitHub Repositories
Aqua researchers believe that millions of repositories on GitHub are vulnerable to an attack called RepoJacking, which allows taking over other people’s repositories. The issue reportedly affects the repositories of Google, Lyft, and other major companies. Let me remind you that we also wrote that Malware in GitHub Repositories Is Spread From… Continue reading RepoJacking Attacks Could Threaten Millions of GitHub Repositories
Malware in GitHub Repositories Is Spread From Fake Security Company Name
Researchers detected fake company accounts on GitHub linked to a deceitful cybersecurity company. These accounts are promoting harmful repositories on the code hosting service. According to the experts, all repositories claim to contain a proof-of-concept (PoC) exploit for alleged zero-day vulnerabilities in Discord, Google Chrome, and Microsoft Exchange. Though in fact, that was yet another example… Continue reading Malware in GitHub Repositories Is Spread From Fake Security Company Name
Attackers Can Use GitHub Codespaces to Host and Deliver Malware
Trend Micro reports that the GitHub Codespaces cloud development environment, available for public use since November 2022, can be used to store and deliver malware, as well as malicious scripts. Let me remind you that we also talked about Hackers Bypass CAPTCHA on GitHub to Automate Account Creation, and also that Hackers compromised Slack… Continue reading Attackers Can Use GitHub Codespaces to Host and Deliver Malware
Hackers Bypass CAPTCHA on GitHub to Automate Account Creation
The South African hack group Automated Libra is looking for new approaches to use the resources of cloud platforms for cryptocurrency mining: hackers bypass CAPTCHA on GitHub. Let me remind you that we also wrote that Hackers force users to solve CAPTCHA, and also that New hCaptcha bypass method may not affect Cloudflare’s security. According… Continue reading Hackers Bypass CAPTCHA on GitHub to Automate Account Creation
Hackers compromised Slack private GitHub repositories
On December 31, while everyone was celebrating the New Year, Salesforce, the company behind the development of the corporate Slack messenger, published a message about an incident in which Slack repositories on GitHub were compromised. Let me remind you that recently MI also wrote that Slack Is Resetting User Passwords Due to a Bug, and also that… Continue reading Hackers compromised Slack private GitHub repositories
Open-Source Cryptor Cryptonite Became a Wiper due to a Bug
Fortinet researchers studied the recently emerged open-source cryptor Cryptonite, distributed for free on GitHub. It turned out that the creator of the malware made a mistake in the code, and the malware did not encrypt, but destroyed the data of the victims. Let me remind you that we also wrote about FBI Says Cuba Ransomware… Continue reading Open-Source Cryptor Cryptonite Became a Wiper due to a Bug
Thousands of GitHub Repositories Spread Malware That Is Disguised as Exploits
Experts from the Leiden Institute for Advanced Computer Science have discovered thousands of GitHub repositories with fake PoC exploits for various vulnerabilities that spread malware. It turned out that the probability of infection with malware when downloading PoC can reach 10.3%, even if outright fakes are excluded. Let me remind you that we also reported… Continue reading Thousands of GitHub Repositories Spread Malware That Is Disguised as Exploits
Hackers Use CircleCI Fake Notifications to Access GitHub Accounts
GitHub warns that a large-scale phishing campaign aimed at users began on September 16: scammers send emails with fake notifications on behalf of the CircleCI service, which is used for continuous development and deployment. Let me remind you that we also said that GitHub will replace the term “master” with a more neutral one,… Continue reading Hackers Use CircleCI Fake Notifications to Access GitHub Accounts
Developer of CodeRAT Trojan Releases Source Code
The source code for the CodeRAT remote access trojan has been published on GitHub. This happened after security researchers identified the malware developer and called him to account because of the attacks in which this “tool” was used. SafeBreach experts say that the attacks using CodeRAT were built as follows: the campaign was aimed… Continue reading Developer of CodeRAT Trojan Releases Source Code