Ghost Accounts Spreading Malware On GitHub

GitHub is the world’s largest source code host, is integral to more than 100 million developers hosting more than 420 million public repositories. 

Now, researchers at Check Point have uncovered a sophisticated assembly of ghost accounts that distribute malware through phishing repositories, leveraging fake accounts to organically perform phishing attacks, by making the repositories appear legitimate by starring, forking, and subscribing to them. 

The operator of this Ghost network is an individual known as Stargazer Goblin, who only came to the fore about a year ago, when Check Point first saw an advertisement in Dark Web forums, with a price list of each action that could be taken. 

The network operates the Stargazers Ghost Network which distributes malware and links via an estimated 3,000 GitHub Ghost accounts.

Impact: These malicious repositories are highly victim-oriented, targeting users interested in social media, gaming, crypto-currency, and more. The consequences of falling victim to these attacks range from ransomware infections through these fake accounts, to stolen credentials used in threats or other phishing attacks, and compromised crypto-currency wallets. 

Although the current targets are primarily Windows users, similar methods could target Linux or Android users, sparking a much wider impact on victims.  

Economic Toll: From mid-May to mid-June 2024 alone, Stargazer Goblin, earned approximately $8,000. Since the network's suspected inception in August 2022, it is estimated to have generated over $100,000 through more than 3,000 ghost accounts on GitHub.

Call to Action: Given the severity of these findings, Check Point Research urges GitHub users to exercise extreme caution with repositories containing download links for executables, even from reputable sources, or commits that change or add links.

Cyber Security, Research Manager, Check Point Research, Alexander Chailytko, commented “It's alarming to see how a large source code platform like GitHub, with more than 14 million visitors per day, is being utilised for malware distribution, especially by a well-organised one like Stargazers Ghost Network... 

“Considering precise targeting, this threat could affect a vast number of victims worldwide, with more impactful consequences in addition to possible ransomware infections, stolen credentials, and compromised crypto-currency wallets."

Check Point were also able to identify a similar looking campaign operating on YouTube video hosting, which they think indicates a there is a switch in malware Distribution as a Service (DaaS) approach. According to Chailytko, this will have the effect of "... leveraging more popular platforms to propagate infections to as many users as possible in a more covert way, with this GitHub account network being part of a wider scheme of malicious distribution.”

Check Point    |     NVAccess   |   ITPro    |    Dark Reading 

Image: Ideogram

You Might Also Read:

Hackers Exploit GitHub & FileZilla To Deliver Malware:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

 

« Most Wanted - North Korean Hackers 
Video Game Actors Fear Being Replace By AI  »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

Cyanre

Cyanre

Cyanre delivers state of the art cyber forensic services through software technologies and procedures that exceed conformities of major law enforcement agencies across the globe.

TeachPrivacy

TeachPrivacy

TeachPrivacy provides computer-based privacy and data security training that is engaging, memorable, and understandable.

Agesic

Agesic

Agesic is an institution that leads the development of the Digital Government and the Information and Knowledge Society in Uruguay.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

SITA

SITA

SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry including vulnerability assessments and managed security services.

ProWriters

ProWriters

As a leading cyber insurance company, ProWriters offers flexible Cyber Liability Insurance coverage designed to cover privacy, data, and network exposures.

Spohn Solutions

Spohn Solutions

Spohn combines highly-experienced staff with a vendor neutral approach to deliver optimal solutions for IT Security and Compliance.

SHIELD

SHIELD

SHIELD are the world’s leading cybersecurity company specializing in cyber fraud and identity solutions.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission

Logit.io

Logit.io

Logit.io is a log analysis & management platform that provides a scalable solution for hosting the open-source tools Elasticsearch, Logstash, and Kibana.

Campus cyber

Campus cyber

A project initiated by the President of the Republic, the Cyber Campus is the totem site of cybersecurity that brings together the main national and international players in the field.

PointWire

PointWire

PointWire offers a range of cybersecurity solutions and services including Penetration Testing on various levels, as well as Intrusion Detection and Prevention Systems.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

Colt Technology Services

Colt Technology Services

Colt Technology Services (Colt) is a global digital infrastructure company which creates extraordinary connections to help businesses succeed.

Operational Systems (OpSys)

Operational Systems (OpSys)

OpSys is a leading Managed IT and Cyber Security provider protecting the critical elements of businesses across the globe.