Security News > 2024 > October > GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
2024-10-11 17:13
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue were
News URL
https://thehackernews.com/2024/10/github-telegram-bots-and-qr-codes.html
Related news
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks (source)
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- GitHub Action supply chain attack exposed secrets in 218 repos (source)
- Critical GitHub Attack (source)