Hackers Exploit GitHub & FileZilla To Deliver Malware

Security researchers have discovered a new cybercrime campaign that exploits legitimate platforms to spread malware. 

Recorded Future's threat intelligence team, the Insikt Group, has uncovered a sophisticated cyber crime operation run by Russian-speaking threat actors. The group has abused trusted platforms, including GitHub and FileZilla, to spread banking malware that endangers both personal and business security.

According to the report: "The presence of multiple malware variants suggests a broad cross-platform targeting strategy, while the overlapping C2 infrastructure points to a centralised command setup, possibly increasing the efficiency of the attacks."

GitHub & FileZilla Exploited For Malware Distribution

In exposing the misuse of GitHub in these attacks, the researchers conclude that the cyber crime operatives behind the campaign are highly skilled in the use of software management tools. In particular, they created fake GitHub accounts and repositories that resembled real software programs, such as Pixelmator Pro, 1Password, and Bartender 5. These fake versions were loaded with malware, such as the Atomic macOS Stealer (AMOS) and Vidar, designed to gain access to victims' computers and steal private information.

In a similar exploit, cyber criminals have also used FileZilla, a well-known FTP client, to distribute malicious payloads, enabling them to deliver information-stealing attacks with apparent ease through reputable internet services.

It appears that the use of these malware families was not a series of separate incidents. Instead, they shared the same command-and-control (C2) infrastructure, which shows that the campaigns were coordinated to make the attacks more powerful. This shared C2 setup suggests the threat actors belong to a well-organised, well-funded group capable of sustaining long-running cyber attacks across multiple devices and operating systems.

The changing nature of these malware families makes it very hard for standard security measures to keep up. Because the software involved keeps getting smarter and more complex, cyber security needs to be proactive and flexible.

The sophistication and complexity of the operation show how important it is to take a multi-layered approach to cybersecurity. 

Organisations are advised to follow strict security rules, especially when bringing in code from outside their own environments. Setting up a company-wide code review process and using automated scanning tools such as GitGuardian, Checkmarx, or GitHub Advanced Security can help find malware or identify suspicious patterns in code. In particular, businesses should strengthen their overall security posture by devising ways to monitor and block unauthorised third-party programs and scripts that could be used to spread malware.
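One concrete way to turn the advice above into an enforceable control is to vet every third-party download against a source allowlist and a pinned release hash before it is allowed to run, so that a file carrying an approved product's name but served from an unapproved repository is blocked as a likely impersonation. The script below is an added example written for this article; it is not code from Recorded Future or from any of the vendors named. The product name "example-editor", the `.invalid` hostnames, the sample download events and the "approved release" bytes (and therefore the pinned hash) are all constructed for the demonstration.

```python
import hashlib
from urllib.parse import urlparse

# Constructed "approved release": the pinned hash below is computed from these
# bytes, not from any real vendor download.
APPROVED_RELEASE = b"constructed approved release bytes, example-editor 1.0"

# Constructed policy table. Hosts use the reserved .invalid TLD; "example-editor"
# is a hypothetical product standing in for the impersonated apps in the report.
POLICY = {
    "example-editor": {
        "hosts": {"downloads.example-editor.invalid"},
        "sha256": hashlib.sha256(APPROVED_RELEASE).hexdigest(),
    },
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def vet_artifact(product: str, url: str, data: bytes, policy: dict = POLICY) -> dict:
    """Decide whether one downloaded artifact may run.

    Returns {"allowed": bool, "findings": [str, ...]}; any finding blocks it.
    """
    findings = []
    rule = policy.get(product)
    if rule is None:
        return {"allowed": False, "findings": [f"{product!r} is not an approved product"]}

    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https":
        findings.append("download was not fetched over HTTPS")
    if host not in rule["hosts"]:
        # A file named after an approved product but served from an unapproved
        # host is the impersonation pattern the report describes.
        findings.append(
            f"host {host!r} is not an approved source for {product}; possible impersonation"
        )

    digest = sha256_hex(data)
    if digest != rule["sha256"]:
        findings.append(f"sha256 {digest[:16]}... does not match the pinned release hash")

    return {"allowed": not findings, "findings": findings}


# Constructed download events, as a gateway or endpoint agent might log them:
# (product claimed by the file, source URL, bytes received).
SAMPLE_EVENTS = [
    ("example-editor", "https://downloads.example-editor.invalid/editor-1.0.dmg", APPROVED_RELEASE),
    ("example-editor", "https://git.example-hosting.invalid/someone/example-editor/releases/editor.dmg", APPROVED_RELEASE),
    ("example-editor", "https://downloads.example-editor.invalid/editor-1.0.dmg", b"tampered bytes"),
    ("other-tool", "https://downloads.example-editor.invalid/tool.pkg", b""),
]


def review_events(events, policy: dict = POLICY) -> list:
    """Run the policy over a batch of events; returns (url, decision) pairs."""
    return [(url, vet_artifact(product, url, data, policy)) for product, url, data in events]


def blocked_urls(events, policy: dict = POLICY) -> list:
    """URLs from a batch that the policy refuses."""
    return [url for url, decision in review_events(events, policy) if not decision["allowed"]]


if __name__ == "__main__":
    for url, decision in review_events(SAMPLE_EVENTS):
        verdict = "ALLOW" if decision["allowed"] else "BLOCK"
        print(f"{verdict} {url}")
        for finding in decision["findings"]:
            print(f"    - {finding}")
```

Of the four constructed events, only the first passes: the second is refused because the host is not the approved publisher even though the bytes are genuine, the third because the bytes were altered after the release was pinned, and the fourth because the product was never approved at all. In a real deployment the policy table would be populated when each release is reviewed, and the hash pin is what keeps a compromised or impersonated hosting location from substituting a different binary.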

It’s also important to share threat intelligence and to collaborate with the larger cybersecurity community to fight complex campaigns like the one reported here. 

The findings from Recorded Future's Insikt Group show the importance of staying alert and acting as online threats change. Cyber criminals are able to exploit trusted platforms to spread malware, and businesses must remain vigilant and have effective backup security measures in place to keep their systems and data safe.

Image: PashaIgnatov
