Ghost Accounts Spreading Malware On GitHub

GitHub, the world’s largest source code host, is used by more than 100 million developers and hosts more than 420 million public repositories.

Now, researchers at Check Point have uncovered a sophisticated network of ghost accounts that distribute malware through phishing repositories. The fake accounts make those repositories appear legitimate by starring, forking and subscribing to them, so the phishing spreads organically.

The operator of this ghost network is an individual known as Stargazer Goblin, who came to the fore only about a year ago, when Check Point first saw an advertisement on Dark Web forums with a price list for each action that could be bought.

This Stargazers Ghost Network distributes malware and links via an estimated 3,000 GitHub ghost accounts.

Impact: These malicious repositories are highly victim-oriented, targeting users interested in social media, gaming, crypto-currency, and more. The consequences of falling victim to these attacks range from ransomware infections through these fake accounts, to stolen credentials used in threats or other phishing attacks, and compromised crypto-currency wallets. 

Although the current targets are primarily Windows users, similar methods could target Linux or Android users, sparking a much wider impact on victims.  

Economic Toll: From mid-May to mid-June 2024 alone, Stargazer Goblin, earned approximately $8,000. Since the network's suspected inception in August 2022, it is estimated to have generated over $100,000 through more than 3,000 ghost accounts on GitHub.

Call to Action: Given the severity of these findings, Check Point Research urges GitHub users to exercise extreme caution with repositories containing download links for executables, even from reputable sources, or commits that change or add links.
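The two warning signs in that call to action, a repository whose README links to an executable download and a commit that adds or swaps a link, can be turned into a simple review heuristic. The script below is an added example written for this article; it is not Check Point's or GitHub's code. It scans free text for links whose path ends in an installer, executable or archive extension (the extension list is an assumption), notes whether the link leaves the hosting platform, and parses a unified diff to report which URLs a commit added or removed. The README and diff it runs on are constructed samples.

```python
import re
from urllib.parse import urlparse

# File extensions typically served as direct installer/executable downloads, plus archive
# formats commonly used to wrap them. This list is an assumption for the example.
EXECUTABLE_EXTENSIONS = (".exe", ".msi", ".scr", ".bat", ".cmd", ".ps1", ".dll",
                         ".zip", ".rar", ".7z", ".apk", ".dmg", ".sh")

URL_RE = re.compile(r"https?://[^\s<>()\"'`]+")


def extract_urls(text):
    """Return the http(s) URLs found in free text, with trailing punctuation stripped."""
    return [u.rstrip(".,;:!?") for u in URL_RE.findall(text)]


def is_executable_link(url):
    """True if the URL path ends in an installer/executable/archive extension."""
    return urlparse(url).path.lower().endswith(EXECUTABLE_EXTENSIONS)


def flag_download_links(text, platform_host="github.com"):
    """List every executable-looking link in text, noting whether it leaves the hosting platform."""
    findings = []
    for url in extract_urls(text):
        if is_executable_link(url):
            host = (urlparse(url).hostname or "").lower()
            on_platform = host == platform_host or host.endswith("." + platform_host)
            findings.append({"url": url, "off_platform": not on_platform})
    return findings


def link_changes_in_diff(diff_text):
    """Return URLs added and removed by a unified diff, ignoring the ---/+++ file headers."""
    added, removed = set(), set()
    for line in diff_text.splitlines():
        if line.startswith(("+++", "---")):
            continue
        if line.startswith("+"):
            added.update(extract_urls(line[1:]))
        elif line.startswith("-"):
            removed.update(extract_urls(line[1:]))
    return {"added": sorted(added - removed), "removed": sorted(removed - added)}


def review_commit(diff_text, platform_host="github.com"):
    """Flag a commit that adds or swaps in an executable download link hosted off-platform."""
    changes = link_changes_in_diff(diff_text)
    suspicious = [f for f in flag_download_links("\n".join(changes["added"]), platform_host)
                  if f["off_platform"]]
    return {"changes": changes, "suspicious_added": suspicious}


# Constructed sample README: a "tool" whose download is served from an unrelated host.
SAMPLE_README = """# CryptoBot Pro
Download the latest build here: https://example-cdn.invalid/files/CryptoBotPro_Setup.zip
Source: https://github.com/example-org/cryptobot-pro
Docs: https://github.com/example-org/cryptobot-pro/wiki
"""

# Constructed sample diff: a commit that replaces an on-platform release link with an off-platform one.
SAMPLE_DIFF = """diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
 # CryptoBot Pro
-Download: https://github.com/example-org/cryptobot-pro/releases/download/v1.0/cryptobot.zip
+Download: https://example-cdn.invalid/files/CryptoBotPro_Setup.zip
 Docs: https://github.com/example-org/cryptobot-pro/wiki
"""

if __name__ == "__main__":
    for finding in flag_download_links(SAMPLE_README):
        print("README download link:", finding)
    print("Commit review:", review_commit(SAMPLE_DIFF))
```

The heuristic is deliberately conservative: an on-platform release asset is reported but not marked off-platform, while a link that points away from the hosting platform is the case to look at more closely, since a repository's stars and forks say nothing about what that external file contains.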

Alexander Chailytko, Cyber Security, Research Manager at Check Point Research, commented: “It's alarming to see how a large source code platform like GitHub, with more than 14 million visitors per day, is being utilised for malware distribution, especially by a well-organised one like Stargazers Ghost Network...

“Considering precise targeting, this threat could affect a vast number of victims worldwide, with more impactful consequences in addition to possible ransomware infections, stolen credentials, and compromised crypto-currency wallets."

Check Point was also able to identify a similar-looking campaign operating on the YouTube video hosting platform, which they believe indicates a shift in the malware Distribution-as-a-Service (DaaS) approach. According to Chailytko, this will have the effect of "... leveraging more popular platforms to propagate infections to as many users as possible in a more covert way, with this GitHub account network being part of a wider scheme of malicious distribution.”

Check Point | NVAccess | ITPro | Dark Reading

Image: Ideogram
