Dubbed GitCaught by the researchers who discovered it, this banking malware and Trojan distribution campaign used a GitHub profile to impersonate popular, legitimate tools in order to deceive victims.
Whether they are called GitHub or FileZilla, the general public is certainly familiar with these tools, and for good reason: the collaborative development platform and the FTP client are the most popular in their respective categories. That popularity leaves no one indifferent, least of all hackers, who also know how to exploit these tools to carry out their dirty work. In April 2024, GitHub was infested with malware embedded in its search system.
This time, the hackers, whom the researchers who discovered the campaign identified as a Russian-speaking gang from the Commonwealth of Independent States (CIS), went through a GitHub profile and then “impersonate legitimate software applications” to betray the trust of victims and serve them their “malicious cocktails”.
GitCaught campaign abuses legitimate services to spread its malware cocktail
The malware campaign, dubbed GitCaught, leverages popular online services like GitHub and FileZilla to distribute an array of malware and banking Trojans such as Atomic (aka AMOS), Vidar, Lumma (LummaC2), and Octo. The objective is to pass them off as credible and popular applications like 1Password, Bartender 5, or, to name a few, Pixelmator Pro.
Attackers create fake profiles and repositories on GitHub where they host counterfeit versions of these trusted software. These trapped files are designed to steal sensitive data from infected devices. Links leading to these malicious lures are then embedded in multiple domains propagated with phishing, malvertising, and search engine poisoning campaigns.
This vast operation appears to be the work of Russian-speaking threat actors based in the CIS. Besides GitHub, they also use FileZilla servers for management and distribution of their malware payloads.
Further analysis reveals that this campaign is part of a large-scale offensive that has been spreading various other malware, such as RedLine, Raccoon, Rhadamanthys (which bears a disturbing resemblance to Lumma), DanaBot and DarkComet RAT, since at least August 2023. Victims landing on the fake app sites are also redirected to payloads hosted on Bitbucket and Dropbox, highlighting the widespread abuse of legitimate services.
How not to be fooled by these fake applications that hide malware
Because GitCaught is, at the end of the day, just one more malware campaign, the advice Clubic gives here applies to all the others. Beware of versions of popular apps like 1Password, Bartender 5, and Pixelmator Pro that come from unofficial sources.
Be especially vigilant for suspicious links and attachments in emails, messages, and online advertisements. Do not click on questionable links or download files from unknown sources.
Keep all your software up to date by installing the latest security patches. Also enable auto-update when possible.
Use reliable antivirus and anti-malware software and keep it up to date. Perform comprehensive scans of your system regularly.
Be careful when downloading content from GitHub, Bitbucket, and other online code hosting platforms which can be, as we have just seen once again, exploited by attackers.
FileZilla is one of the best free FTP clients. Despite an outdated interface, navigation is fluid and the features are accessible to all types of users. A French version is even available for those who have difficulty with English. In summary: to try it is to adopt it!
Sources: The Hacker News, Recorded Future