Hackers Exploit GitHub & FileZilla To Deliver Malware

Uploaded on 2024-05-29 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Security researchers have discovered a new cybercrime campaign that exploits legitimate platforms to spread malware. 

The expert threat intelligence Insikt Group at Recorded Future has found a sophisticated cyber crime operation run by Russian-speaking threat actors. This group of hackers has used supposedly safe websites including GitHub and FileZilla to spread banking malware, which is very dangerous for both personal and business security. 

According the the report "The presence of multiple malware variants suggests a broad cross-platform targeting strategy, while the overlapping C2 infrastructure points to a centralised command setup, possibly increasing the efficiency of the attacks," 

GitHub & Filezilla  Exploited For Malware Distribution

In exposing the misuse of GitHub in cyber attacks the researchers conclude that the cyber crime operatives  behind this effort are highly skilled in the use of software management tools. In particular, they created fake GitHub accounts and repositories that resembled real software programs, such as Pixelmator Pro, 1Password, and Bartender 5. These fake versions were filled with malware, such as the Atomic MacOS Stealer (AMOS) and Vidar, meant to access users’ computers and steal private information.

In a similar exploit, cyber criminals have also used FileZilla, a well-know FTP client, to distribute malicious payloads, enabling them  to deliver attacks that steal personal information with apparent ease, using reputable  internet services.

It appears that the use of these types of malware were not separate incidents. Instead, they used the same command-and-control (C2) infrastructure, which shows that they worked together to make the strikes more powerful.  This shared C2 setup makes it look like the threat actors are part of a well-organised group with a lot of money that can start long-lasting cyberattacks on various devices and operating systems.

The changing nature of these types of malware makes it very hard for standard security measures to work and because software is always getting smarter and more complicated, cyber security needs to be proactive and flexible. 

The sophistication and complexity of the operation show how important it is to take a multi-layered approach to cybersecurity. 

Organisations are advised to follow strict security rules, especially when adding code outside their settings. Setting up a code review process for the whole company and using automated scanning tools like GitGuardian, Checkmarx, or GitHub Advanced Security can help find malware or identify suspicious patterns in the code. In particular, businesses should improve their general security by devising ways to monitor and block unauthorised programs and scripts from third parties that could be used to spread malware. 

It’s also important to share threat intelligence and to collaborate with the larger cybersecurity community to fight complex campaigns like the one reported here. 

The results from Recorded Future’s Insikt Group show the importance of being alert and taking action when online threats change. Cyber criminals are able to expploit use trusted platforms to spread malware, and businesses must stay alert and and have developed effective backup security measures to keep their systems and data safe.   

Recorded Future   |    Cybersecurity News   |     Hacker News    |      Spiceworks    |  Security Affairs   |    LinkedIn 

Image: PashaIgnatov

You Might Also Read: 

The Importance Of Formal Verification Networks For Secure Software

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Google AI Makes Embarrassing Errors
Five AI-driven Features to Enhance Payment Gateway Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Site24x7

Site24x7

Site24x7 is an AI-powered observability platform for DevOps and IT operations.

Stott & May

Stott & May

Stott & May is a specialist cyber security recruitment agency.

Riverside Research

Riverside Research

Riverside Research is a not-for-profit organization chartered to advance scientific research in areas including Trusted & Resilient Systems.

RCMP National Cybercrime Coordination Unit (NC3)

RCMP National Cybercrime Coordination Unit (NC3)

As set out in the Government of Canada's National Cyber Security Strategy, the RCMP has established the National Cybercrime Coordination Unit (NC3).

Stratus Cyber

Stratus Cyber

Stratus Cyber is a premier Cyber Security company specializing in Managed Security Services. Our services include Blockchain Security, Pentesting, and Compliance Assessments.

Nihon Cyber Defense

Nihon Cyber Defense

Nihon Cyber Defence’s mission is to provide robust solutions, services and support to governments, corporates and organisations in order to protect them from all forms of cyber warfare.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

Finnish Security & Intelligence Service (SUPO)

Finnish Security & Intelligence Service (SUPO)

The Finnish Security and Intelligence Service is a government agency tasked with combating serious threats to national security in Finland.

Fortified Health Security

Fortified Health Security

Fortified’s team of cybersecurity specialists is dedicated to helping healthcare providers, payers and business associates protect their patient data across the Fortified Healthcare Ecosystem.

Xalient

Xalient

Xalient is an IT consulting and managed services business, specialising in modern, software-defined networking, security and communications technologies.

Mailinblack

Mailinblack

Mailinblack protects your organisation against email threats with an innovative solution that meets your security requirements.

ISSQUARED

ISSQUARED

ISSQUARED is a leading provider of Cyber Security, Cloud, Infrastructure, Consulting and Digital Transformation services.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

SecondSight

SecondSight

SecondSight’s Vertical AI embodies a full-spectrum approach to cyber insurance, facilitating accurate digital risk profiling.