Security News > 2024 > July > Over 3,000 GitHub accounts used by malware distribution service
Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service from over 3,000 fake accounts on GitHub that push information-stealing malware.
The malware delivery service is called Stargazers Ghost Network and it utilizes GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware.
"The campaigns performed by the Stargazers Ghost Network and malware distributed via this service are extremely successful," explains the report by Check Point Research.
The creator of the DaaS operation, Stargazer Goblin, has been actively promoting the malware distribution service on the dark web since June 2023.
The researchers note that it could be one of the potentially multiple examples of channels used to funnel traffic to phishing repositories or malware distribution sites.
Although GitHub has taken action against many of the malicious and essentially fake repositories, taking down over 1,500 since May 2024, Check Point says that over 200 are currently active and continue to distribute malware.