GitHub and FileZilla used to deploy banking Trojans, here’s how not to get fooled


Mélina LOUPIA

May 20, 2024 at 7:26 p.m.


Fake GitHub profiles fool your vigilance © VideoBCN / Shutterstock


Dubbed GitCaught by the researchers who discovered it, this banking malware and Trojan distribution campaign used GitHub profiles to impersonate popular, legitimate tools in order to deceive victims.

Whether they’re called GitHub or FileZilla, the general public is certainly familiar with these tools, and for good reason: the collaborative development platform and the FTP client are the most popular in their respective categories. That popularity leaves no one indifferent, least of all hackers, who also know how to take advantage of these tools to carry out their dirty work. In April 2024, GitHub’s search feature was already being abused to distribute malware.

This time, the hackers, whom the researchers who discovered the campaign identified as a Russian-speaking gang from the Commonwealth of Independent States (CIS), went through GitHub profiles to “impersonate legitimate software applications”, betray the trust of victims and serve them their “malicious cocktails”.


GitCaught campaign abuses legitimate services to spread its malware cocktail

The malware campaign, dubbed GitCaught, leverages popular online services like GitHub and FileZilla to distribute an array of malware and banking Trojans such as Atomic (aka AMOS), Vidar, Lumma (LummaC2), and Octo. The objective is to pass them off as credible and popular applications such as 1Password, Bartender 5 and Pixelmator Pro, to name a few.

Attackers create fake profiles and repositories on GitHub where they host counterfeit versions of these trusted applications. These booby-trapped files are designed to steal sensitive data from infected devices. Links leading to these malicious lures are then embedded on multiple domains promoted through phishing, malvertising, and search engine poisoning campaigns.

This vast operation appears to be the work of Russian-speaking threat actors based in the CIS. Besides GitHub, they also use FileZilla servers for management and distribution of their malware payloads.

Further analysis reveals that this campaign is part of a large-scale offensive, active since at least August 2023, aimed at spreading various other malware such as RedLine, Raccoon, Rhadamanthys (which bears a disturbing resemblance to Lumma), DanaBot and DarkComet RAT. Victims landing on the fake app sites are also redirected to payloads hosted on Bitbucket and Dropbox, highlighting the widespread abuse of legitimate services.

Malware is distributed on the FTP client © justplay1412 / Shutterstock


How not to be fooled by these fake applications that hide malware

Because at the end of the day, GitCaught is nothing more than yet another malware campaign, the advice Clubic gives you applies to all the others. Beware of versions of popular apps like 1Password, Bartender 5, and Pixelmator Pro coming from unofficial sources.

Be especially vigilant about suspicious links and attachments in emails, messages, and online advertisements. Do not click on questionable links or download files from unknown sources.

Keep all your software up to date by installing the latest security patches, and enable automatic updates whenever possible.

Use reliable antivirus and anti-malware software and keep it up to date. Perform comprehensive scans of your system regularly.

Be careful when downloading content from GitHub, Bitbucket, and other online code hosting platforms, which, as we have just seen once again, can be exploited by attackers.


Sources: The Hacker News, Recorded Future

Mélina LOUPIA


Ex-corporate journalist, the world of the web, networks, connected machines and everything that is written on the Internet whets my appetite. From the latest TikTok trend to the most liked reels, I come from the Facebook generation that still fascinates the internal war between Mac and PC. As a wise woman, the Internet, its tools, practices and regulation are among my favorite hobbies (that, lineart, knitting and bad jokes). My motto: to try it is to adopt it, but in complete safety.
