
BENGALURU: With the cybercrime landscape constantly evolving, threat actors are finding new, sophisticated ways to infect victims, gain access to sensitive information, and cause harm. In its latest blog post, Check Point Research explains how the Stargazers Ghost Network is distributing malware through phishing repositories. This is the first time such an operation has been identified on the GitHub platform.
GitHub is commonly used to host open-source software development projects. It is also the world’s largest source code host with over 100 million developers, more than 420 million repositories, and 14 million visitors per day. It is on this platform that the Stargazers Ghost Network was found to be distributing malware and malicious links through phishing repositories of fake accounts.
What is alarming is that this type of operation, in which fake accounts are used to organically perform phishing attacks to distribute malware, has never been seen before. The sophistication of this network lies in its ability to make malicious repositories appear legitimate through actions like starring (liking), forking (retweeting), and subscribing.
Check Point reveals that those repositories use phishing templates and tags that are highly victim-oriented, targeting users with various interests in social media, gaming, cryptocurrency, and many others. Because such operations are so heavily victim-oriented, they can have a significant impact: infections become more severe, with victims facing threats ranging from ransomware infections to stolen credentials and compromised cryptocurrency wallets. Those GitHub repositories currently target mainly Windows users, though similar malware distribution methods can be used to target Linux or Android users, platforms that also have large user bases, which would mean a greater impact on the community, Check Point added.
Recently, crypto exchange WazirX suffered a security breach in which $234.9 million in funds was moved to a new address. One of its multi-sig wallets experienced the breach. Crypto exchanges have now become a major target for hackers.