Security News > 2024 > July > Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank

Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves seek to spread malware.

The first account serves the "Phishing" repository template; The second account provides the "Image" used for the phishing template; The third account serves malware as a password-protected archive in a Release.

Over a thousand users downloaded the malware in two weeks, the researchers claim, based on a statistics page they found on the host website for the malware.

Terefos thinks some of the group's campaigns may even have targeted infosec researchers, or rival malware gangs, as the phishing link led to a cracked version of the known infostealer RisePro that had been modified to spread malware.

The study also suggests that the Atlantida campaign targeted users interested in social media in order to acquire accounts on other platforms, which can be used to spread malware just like GitHub.

We disabled user accounts in accordance with GitHub's Acceptable Use Policies, which prohibit posting content that directly supports unlawful active attack or malware campaigns that are causing technical harm.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/26/github_stargazers_goblin_malware/