Security News > 2024 > July > Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank

Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves seek to spread malware.
The first account serves the "Phishing" repository template; The second account provides the "Image" used for the phishing template; The third account serves malware as a password-protected archive in a Release.
Over a thousand users downloaded the malware in two weeks, the researchers claim, based on a statistics page they found on the host website for the malware.
Terefos thinks some of the group's campaigns may even have targeted infosec researchers, or rival malware gangs, as the phishing link led to a cracked version of the known infostealer RisePro that had been modified to spread malware.
The study also suggests that the Atlantida campaign targeted users interested in social media in order to acquire accounts on other platforms, which can be used to spread malware just like GitHub.
We disabled user accounts in accordance with GitHub's Acceptable Use Policies, which prohibit posting content that directly supports unlawful active attack or malware campaigns that are causing technical harm.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/07/26/github_stargazers_goblin_malware/
Related news
- GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets (source)
- 200-plus impressively convincing GitHub repos are serving up malware (source)
- Hundreds of GitHub repos served up malware for years (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth (source)