Hackers Exploit GitHub & FileZilla To Deliver Malware
Security researchers have discovered a new cybercrime campaign that exploits legitimate platforms to spread malware.
Recorded Future's threat intelligence team, the Insikt Group, has found a sophisticated cyber crime operation run by Russian-speaking threat actors. The group has used trusted, legitimate platforms, including GitHub and FileZilla, to spread banking malware that endangers both personal and business security.
According to the report: "The presence of multiple malware variants suggests a broad cross-platform targeting strategy, while the overlapping C2 infrastructure points to a centralised command setup, possibly increasing the efficiency of the attacks."
GitHub & Filezilla Exploited For Malware Distribution
In exposing the misuse of GitHub in cyber attacks, the researchers conclude that the cyber criminals behind this effort are highly skilled in the use of software management tools. In particular, they created fake GitHub accounts and repositories that resembled real software programs, such as Pixelmator Pro, 1Password, and Bartender 5. These fake versions were loaded with malware, such as the Atomic macOS Stealer (AMOS) and Vidar, designed to gain access to users' computers and steal private information.
Similarly, the cyber criminals have also used FileZilla, a well-known FTP client, to distribute malicious payloads, allowing them to deliver information-stealing attacks with apparent ease while relying on reputable internet services.
It appears that the distribution of these malware families did not consist of separate incidents. Instead, the variants shared the same command-and-control (C2) infrastructure, which indicates that they were operated together to make the attacks more effective. This shared C2 setup suggests the threat actors are part of a well-organised, well-funded group capable of sustaining long-running cyberattacks across a range of devices and operating systems.
The constantly changing nature of this malware makes it very hard for standard security measures to keep up. Because software keeps growing more capable and more complex, cyber security needs to be proactive and flexible.
The sophistication and complexity of the operation show how important it is to take a multi-layered approach to cybersecurity.
Organisations are advised to follow strict security rules, especially when incorporating code from outside their own environments. Setting up a company-wide code review process and using automated scanning tools like GitGuardian, Checkmarx, or GitHub Advanced Security can help find malware or identify suspicious patterns in the code. In particular, businesses should improve their general security by devising ways to monitor and block unauthorised third-party programs and scripts that could be used to spread malware.
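As an added illustration of the automated-screening advice above (example code written for this page, not a tool from Recorded Future or any vendor named here), the following Python script scores repository records against the impersonation signals the article describes: a name or description that matches or nearly matches a well-known product, a very young owner account, little community history, and releases that ship prebuilt binaries. The repository records, account ages and thresholds are constructed assumptions.

```python
"""Heuristic triage of source repositories that may impersonate known software.
Added example: the repository records are constructed sample data shaped like
what a defender could pull from a code-hosting API; thresholds are assumptions."""
from dataclasses import dataclass
from datetime import date

# Product names the campaign on this page impersonated (from the article).
PROTECTED_NAMES = {"pixelmator pro", "1password", "bartender 5"}
BINARY_EXTENSIONS = (".dmg", ".pkg", ".exe", ".msi", ".zip")

@dataclass
class Repo:
    owner: str
    name: str
    description: str
    owner_created: date      # creation date of the owning account
    stars: int
    release_assets: list     # file names attached to the latest release

def _levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch near-miss spellings such as '1passw0rd'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def impersonation_target(text: str):
    """Return the protected product name that text contains or nearly matches."""
    t = text.lower().replace("-", " ").replace("_", " ")
    for name in PROTECTED_NAMES:
        if name in t or _levenshtein(t, name) <= 2:
            return name
    return None

def triage(repo: Repo, today: date) -> list:
    """Collect the suspicion signals present on one repository record."""
    reasons = []
    target = impersonation_target(repo.name) or impersonation_target(repo.description)
    if target:
        reasons.append(f"name/description resembles {target!r}")
    if (today - repo.owner_created).days < 30:
        reasons.append("owner account under 30 days old")
    if repo.stars < 5:
        reasons.append("little community history")
    if any(a.lower().endswith(BINARY_EXTENSIONS) for a in repo.release_assets):
        reasons.append("release ships prebuilt binaries")
    return reasons

# Constructed sample records (assumed, not real accounts): one lookalike, one benign.
SAMPLE = [Repo("apple-pixelmator", "Pixelmator-Pro-Crack", "Free Pixelmator Pro",
               date(2024, 4, 20), 1, ["PixelmatorPro.dmg"]),
          Repo("octocat", "hello-world", "demo", date(2011, 1, 25), 2000, [])]

def flagged(today: date = date(2024, 5, 1)) -> dict:
    """Repositories with at least three signals, mapped to their reasons."""
    return {f"{r.owner}/{r.name}": triage(r, today)
            for r in SAMPLE if len(triage(r, today)) >= 3}
```

Running `flagged()` returns only the lookalike repository, with all four reasons attached; the benign record produces none.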
It’s also important to share threat intelligence and to collaborate with the larger cybersecurity community to fight complex campaigns like the one reported here.
The findings from Recorded Future's Insikt Group show the importance of staying alert and taking action as online threats change. Cyber criminals are able to exploit trusted platforms to spread malware, and businesses must remain vigilant and have effective backup security measures in place to keep their systems and data safe.
Recorded Future | Cybersecurity News | Hacker News | Spiceworks | Security Affairs | LinkedIn
Image: PashaIgnatov