Hackers Exploit GitHub & FileZilla To Deliver Malware

Security researchers have discovered a new cybercrime campaign that exploits legitimate platforms to spread malware. 

The expert threat intelligence Insikt Group at Recorded Future has found a sophisticated cyber crime operation run by Russian-speaking threat actors. This group of hackers has used supposedly safe websites including GitHub and FileZilla to spread banking malware, which is very dangerous for both personal and business security. 

According the the report "The presence of multiple malware variants suggests a broad cross-platform targeting strategy, while the overlapping C2 infrastructure points to a centralised command setup, possibly increasing the efficiency of the attacks," 

GitHub & Filezilla  Exploited For Malware Distribution

In exposing the misuse of GitHub in cyber attacks the researchers conclude that the cyber crime operatives  behind this effort are highly skilled in the use of software management tools. In particular, they created fake GitHub accounts and repositories that resembled real software programs, such as Pixelmator Pro, 1Password, and Bartender 5. These fake versions were filled with malware, such as the Atomic MacOS Stealer (AMOS) and Vidar, meant to access users’ computers and steal private information.

In a similar exploit, cyber criminals have also used FileZilla, a well-know FTP client, to distribute malicious payloads, enabling them  to deliver attacks that steal personal information with apparent ease, using reputable  internet services.

It appears that the use of these types of malware were not separate incidents. Instead, they used the same command-and-control (C2) infrastructure, which shows that they worked together to make the strikes more powerful.  This shared C2 setup makes it look like the threat actors are part of a well-organised group with a lot of money that can start long-lasting cyberattacks on various devices and operating systems.

The changing nature of these types of malware makes it very hard for standard security measures to work and because software is always getting smarter and more complicated, cyber security needs to be proactive and flexible. 

The sophistication and complexity of the operation show how important it is to take a multi-layered approach to cybersecurity. 

Organisations are advised to follow strict security rules, especially when adding code outside their settings. Setting up a code review process for the whole company and using automated scanning tools like GitGuardian, Checkmarx, or GitHub Advanced Security can help find malware or identify suspicious patterns in the code. In particular, businesses should improve their general security by devising ways to monitor and block unauthorised programs and scripts from third parties that could be used to spread malware. 

It’s also important to share threat intelligence and to collaborate with the larger cybersecurity community to fight complex campaigns like the one reported here. 

The results from Recorded Future’s Insikt Group show the importance of being alert and taking action when online threats change. Cyber criminals are able to expploit use trusted platforms to spread malware, and businesses must stay alert and and have developed effective backup security measures to keep their systems and data safe.   

Recorded Future   |    Cybersecurity News   |     Hacker News    |      Spiceworks    |  Security Affairs   |    LinkedIn 

Image: PashaIgnatov

You Might Also Read: 

The Importance Of Formal Verification Networks For Secure Software

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Google AI Makes Embarrassing Errors
Five AI-driven Features to Enhance Payment Gateway Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

StoneFly

StoneFly

StoneFly offers High Availability, high performance cluster and scale out storage, and backup and disaster recovery appliances.

WireX Systems

WireX Systems

WireX is an innovative network intelligence and forensics company that is changing the way businesses resolve cyber-attacks.

Tigerscheme

Tigerscheme

Tigerscheme is a certification scheme for information security specialists, backed by University standards and covering a wide range of expertise.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

ABS Group

ABS Group

ABS Group provides risk and reliability solutions and technical services that help clients confirm the safety, integrity and security of critical assets and operations.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

Sekuro

Sekuro

Sekuro is your leading governance and cyber security partner. Building organisational resilience. Enabling fearless innovation.

Global Cybersecurity Institute - Rochester Institute of Technology (RIT)

Global Cybersecurity Institute - Rochester Institute of Technology (RIT)

At RIT’s Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Lancera

Lancera

Lancera provides growth accelerating Software Development, Web Presence and Cybersecurity Solutions with a focus on customer happiness.

eCapital

eCapital

eCAPITAL is a leading venture capital firm that provides early to growth stage funding to technology companies in fields including software & information technology, cybersecurity and industry 4.0.

Aptum

Aptum

Aptum is a global hybrid multi-cloud managed service provider delivering complex and high-performance cloud solutions with an integrated secure network.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

RunReveal

RunReveal

RunReveal's mission is to make sure no breach goes undetected. That means having a product that is accessible and effective for companies of all sizes.

Algoritha

Algoritha

Algoritha is a pioneering entity in the realm of security and forensic services.

NetBird

NetBird

NetBird combines a WireGuard-based overlay network with Zero Trust Network Access, providing a unified platform for reliable and secure connectivity.