Ghost Accounts Spreading Malware On GitHub

GitHub is the world’s largest source code host, is integral to more than 100 million developers hosting more than 420 million public repositories. 

Now, researchers at Check Point have uncovered a sophisticated assembly of ghost accounts that distribute malware through phishing repositories, leveraging fake accounts to organically perform phishing attacks, by making the repositories appear legitimate by starring, forking, and subscribing to them. 

The operator of this Ghost network is an individual known as Stargazer Goblin, who only came to the fore about a year ago, when Check Point first saw an advertisement in Dark Web forums, with a price list of each action that could be taken. 

The network operates the Stargazers Ghost Network which distributes malware and links via an estimated 3,000 GitHub Ghost accounts.

Impact: These malicious repositories are highly victim-oriented, targeting users interested in social media, gaming, crypto-currency, and more. The consequences of falling victim to these attacks range from ransomware infections through these fake accounts, to stolen credentials used in threats or other phishing attacks, and compromised crypto-currency wallets. 

Although the current targets are primarily Windows users, similar methods could target Linux or Android users, sparking a much wider impact on victims.  

Economic Toll: From mid-May to mid-June 2024 alone, Stargazer Goblin, earned approximately $8,000. Since the network's suspected inception in August 2022, it is estimated to have generated over $100,000 through more than 3,000 ghost accounts on GitHub.

Call to Action: Given the severity of these findings, Check Point Research urges GitHub users to exercise extreme caution with repositories containing download links for executables, even from reputable sources, or commits that change or add links.

Cyber Security, Research Manager, Check Point Research, Alexander Chailytko, commented “It's alarming to see how a large source code platform like GitHub, with more than 14 million visitors per day, is being utilised for malware distribution, especially by a well-organised one like Stargazers Ghost Network... 

“Considering precise targeting, this threat could affect a vast number of victims worldwide, with more impactful consequences in addition to possible ransomware infections, stolen credentials, and compromised crypto-currency wallets."

Check Point were also able to identify a similar looking campaign operating on YouTube video hosting, which they think indicates a there is a switch in malware Distribution as a Service (DaaS) approach. According to Chailytko, this will have the effect of "... leveraging more popular platforms to propagate infections to as many users as possible in a more covert way, with this GitHub account network being part of a wider scheme of malicious distribution.”

Check Point    |     NVAccess   |   ITPro    |    Dark Reading 

Image: Ideogram

You Might Also Read:

Hackers Exploit GitHub & FileZilla To Deliver Malware:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

 

« Most Wanted - North Korean Hackers 
Video Game Actors Fear Being Replace By AI  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

PhishLabs

PhishLabs

PhishLabs provides 24/7 services that help organizations protect against the cyberattacks targeting their employees, their customers and their brands.

Cimcor

Cimcor

Cimcor’s flagship software product, CimTrak, helps organizations to monitor and protect a wide range of physical, network and virtual IT assets in real-time.

Matias Consulting Group (MCG)

Matias Consulting Group (MCG)

Your Business needs competitive and resilient ICT solutions. MCG defines, deploy & support them enabling you to focus on your core business.

Fischer Identity

Fischer Identity

Fischer Identity provide identity & access management and identity governance administration solutions.

DestructData

DestructData

DestructData is a leading independent provider of End of Life data destruction/security solutions.

Secure IT Disposals

Secure IT Disposals

Secure IT Disposals specialise in professional Computer Recycling, Computer Disposals, Computer Destruction, Data Erasure and end-of-lifecycle solutions.

Kiuwan

Kiuwan

Kiuwan provide software security solutions with SAST and SCA source-code analysis that fit into your DevOps process.

StoneLock

StoneLock

StoneLock is a trusted leader in the design and manufacture of facial recognition software and technology.

UTMStack

UTMStack

UTMStack is a Unified Security Management system that includes SIEM, Vulnerability Management, Network and Host IDS/IPS, Asset Discovery, Endpoint Protection and Incident Response.

Sontiq

Sontiq

Sontiq is committed to providing best-in-class, highly scalable, award-winning identity security solutions to consumers, businesses and government agencies.

QuoIntelligence

QuoIntelligence

QuoIntelligence experts can help your team understand the evolving cyber threats and provide simple yet comprehensive recommendations so you can focus on what matters.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.

VMware

VMware

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control.

Carahsoft Technology Corp

Carahsoft Technology Corp

Carahsoft Technology is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets.

Kontra

Kontra

Kontra application security training is an interactive and intuitive learning experience that engages developers.

Argenta Talent Acquisition

Argenta Talent Acquisition

Argenta Talent Acquisition is a recruitment partner specializing in Space and Defense, Intelligence Community, all things Technical, Cyber, and Logistics.