Over 3,000 GitHub accounts used by malware distribution service
2024-07-24 21:58

Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service from over 3,000 fake accounts on GitHub that push information-stealing malware.

The malware delivery service is called Stargazers Ghost Network and it utilizes GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware.

"The campaigns performed by the Stargazers Ghost Network and malware distributed via this service are extremely successful," explains the report by Check Point Research.

The creator of the DaaS operation, Stargazer Goblin, has been actively promoting the malware distribution service on the dark web since June 2023.

The researchers note that it could be one of potentially multiple examples of channels used to funnel traffic to phishing repositories or malware distribution sites.

Although GitHub has taken action against many of the malicious and essentially fake repositories, taking down over 1,500 since May 2024, Check Point says that over 200 are currently active and continue to distribute malware.


News URL

https://www.bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-service/

Related vendor

LAST 12M

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| GitHub | 12 | 3 | 42 | 30 | 15 | 90 |