STRRAT and Vcurms Malware Abuse GitHub for Spreading

Attackers are using GitHub as a source for the final payload

A new phishing campaign has recently been discovered that uses GitHub to deliver Remote Access Trojans (RAT) STRRAT and Vcurms via a malicious Java downloader. ANY.RUN specialists have detected the active spread of these malicious programs and warn users against potential threats. Short About STRRAT and Vcurms STRRAT is a Java-based RAT, notorious for its… Continue reading STRRAT and Vcurms Malware Abuse GitHub for Spreading

RepoJacking Attacks Could Threaten Millions of GitHub Repositories

Aqua researchers believe that millions of repositories on GitHub are vulnerable to an attack that allows taking over other people’s repositories and is called RepoJacking. The issue is reportedly affecting the repositories of Google, Lyft, and other major companies. Let me remind you that we also wrote that Malware in GitHub Repositories Is Spread From… Continue reading RepoJacking Attacks Could Threaten Millions of GitHub Repositories

Malware in GitHub Repositories Is Spread From Fake Security Company Name

Some exploits' PoC published on GitHub turned out to be malware

Researchers detected fake company accounts on GitHub linked to a deceitful cybersecurity company. These accounts are promoting harmful repositories on the code hosting service. According to the experts, all repositories claim a proof-of-concept (PoC) exploit for alleged zero-day vulnerabilities in Discord, Google Chrome, and Microsoft Exchange. Though in fact, that was a yet another example… Continue reading Malware in GitHub Repositories Is Spread From Fake Security Company Name

Attackers Can Use GitHub Codespaces to Host and Deliver Malware

Trend Micro reports that the GitHub Codespaces cloud development environment, available to the public use since November 2022, can be used to store and deliver malware, as well as malicious scripts. Let me remind you that we also talked about Hackers Bypass CAPTCHA on GitHub to Automate Account Creation, and also that Hackers compromised Slack… Continue reading Attackers Can Use GitHub Codespaces to Host and Deliver Malware

Hackers Bypass CAPTCHA on GitHub to Automate Account Creation

The South African hack group Automated Libra is looking for new approaches to use the resources of cloud platforms for cryptocurrency mining: hackers bypass CAPTCHA on GitHub. Let me remind you that we also wrote that Hackers force users to solve CAPTCHA, and also that New hCaptcha bypass method may not affect Cloudflare’s security. According… Continue reading Hackers Bypass CAPTCHA on GitHub to Automate Account Creation

Hackers compromised Slack private GitHub repositories

On December 31, while everyone was celebrating the New Year, Salesforce, the company behind the development of the corporate Slack messenger, published a message about the incident of compromising Slack repositories on GitHub. Let me remind you that recently MI also wrote that Slack Is Resetting User Passwords Due to a Bug, and also that… Continue reading Hackers compromised Slack private GitHub repositories

Open-Source Cryptor Cryptonite Became a Wiper due to a Bug

Fortinet researchers studied the recently appeared open-source cryptor Cryptonite, distributed for free on GitHub. It turned out that the creator of the malware made a mistake in the code, and the malware did not encrypt, but destroyed the data of the victims. Let me remind you that we also wrote about FBI Says Cuba Ransomware… Continue reading Open-Source Cryptor Cryptonite Became a Wiper due to a Bug

Thousands of GitHub Repositories Spread Malware That Is Disguised as Exploits

Experts from the Leiden Institute for Advanced Computer Science have discovered thousands of GitHub repositories with fake PoC exploits for various vulnerabilities that spread malware. It turned out that the probability of infection with malware when downloading PoC can reach 10.3%, even if outright fakes are excluded. Let me remind you that we also reported… Continue reading Thousands of GitHub Repositories Spread Malware That Is Disguised as Exploits

Hackers Use CircleCI Fake Notifications to Access GitHub Accounts

GitHub warns that a large-scale phishing campaign aimed at users began on September 16: scammers send emails with fake notifications on behalf of the Circle CI service, which is used for continuous development and deployment. Let me remind you that we also said that GitHub will replace the term “master” with a more neutral one,… Continue reading Hackers Use CircleCI Fake Notifications to Access GitHub Accounts

Developer of CodeRAT Trojan Releases Source Code

The source code for the CodeRAT remote access trojan has been published on GitHub. This happened after the security researchers identified the malware developer and called him to account because of the attacks in which this “tool” was used. SafeBreach experts say that the attacks using CodeRAT were built as follows: the campaign was aimed… Continue reading Developer of CodeRAT Trojan Releases Source Code