Hackers Exploit GitHub & FileZilla To Deliver Malware

Security researchers have discovered a new cybercrime campaign that exploits legitimate platforms to spread malware. 

The Insikt Group, Recorded Future's threat intelligence team, has uncovered a sophisticated cyber crime operation run by Russian-speaking threat actors. The group abused legitimate, widely trusted services, including GitHub and FileZilla, to spread banking and information-stealing malware, a serious risk to both personal and business security.

According to the report, "The presence of multiple malware variants suggests a broad cross-platform targeting strategy, while the overlapping C2 infrastructure points to a centralised command setup, possibly increasing the efficiency of the attacks."

GitHub & FileZilla Exploited For Malware Distribution

In exposing the misuse of GitHub in cyber attacks, the researchers conclude that the operators behind this effort are highly skilled in the use of software management tools. In particular, they created fake GitHub accounts and repositories impersonating real software products, such as Pixelmator Pro, 1Password and Bartender 5. These fake versions carried information-stealing malware, including the Atomic macOS Stealer (AMOS) and Vidar, designed to gain access to users' computers and exfiltrate private information. The lure works because users treat a github.com URL as evidence that the download is genuine, when in fact anyone can register an account and name a repository after a real product.

In a similar abuse of a trusted service, the criminals also used FileZilla, a well-known FTP client, to distribute malicious payloads, letting them deliver data-stealing attacks with apparent ease over reputable internet services.

These malware deployments were not separate incidents. They shared the same command-and-control (C2) infrastructure, which indicates a single coordinated operation rather than unrelated attacks. The shared C2 setup suggests the threat actors are a well-organised, well-resourced group capable of sustaining long-running campaigns across multiple devices and operating systems.
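The inference above, that samples from different malware families contacting the same C2 hosts point to one operator, is what analysts do when they pivot on infrastructure. The following is an added example written for this article, not code from Recorded Future's report: it takes a constructed set of (sample, family, C2 host) records, with invented sample IDs, a made-up "FamilyX" label and hostnames under the reserved .invalid domain, and groups every sample that is linked through a shared host.

```python
"""Link malware samples through shared command-and-control (C2) hosts.

Added example for this article; not code from Recorded Future's report.
All sample IDs, family labels and hostnames below are constructed, and
".invalid" is a reserved TLD that never resolves.
"""
from collections import defaultdict

# Constructed telemetry: (sample_id, malware_family, c2_host).
# A sample appears more than once if it contacted several hosts.
SAMPLES = [
    ("s1", "AMOS", "c2-a.invalid"),
    ("s2", "AMOS", "c2-a.invalid"),
    ("s2", "AMOS", "c2-b.invalid"),     # s2 beacons to two hosts
    ("s3", "Vidar", "c2-b.invalid"),    # Vidar sample on an AMOS host
    ("s4", "Vidar", "c2-c.invalid"),
    ("s4", "Vidar", "c2-b.invalid"),
    ("s5", "FamilyX", "c2-d.invalid"),  # constructed unrelated family
    ("s6", "FamilyX", "c2-d.invalid"),
]


def cluster_by_c2(records):
    """Union-find over samples and hosts: anything reachable through a
    shared C2 host lands in one cluster. Returns clusters as dicts of
    sorted lists, largest cluster first."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    for sample_id, _family, host in records:
        union(("sample", sample_id), ("host", host))

    groups = defaultdict(lambda: {"samples": set(), "families": set(), "c2_hosts": set()})
    for sample_id, family, host in records:
        group = groups[find(("sample", sample_id))]
        group["samples"].add(sample_id)
        group["families"].add(family)
        group["c2_hosts"].add(host)

    clusters = [{key: sorted(val) for key, val in g.items()} for g in groups.values()]
    clusters.sort(key=lambda c: (-len(c["samples"]), c["samples"]))
    return clusters


def cross_family_clusters(clusters):
    """Clusters in which more than one malware family shares infrastructure,
    which is the overlap the report treats as evidence of a single operator."""
    return [c for c in clusters if len(c["families"]) > 1]


if __name__ == "__main__":
    for cluster in cluster_by_c2(SAMPLES):
        print(cluster)
```

With the constructed records, s1 and s2 share c2-a, s2 and s3 share c2-b, and s4 reaches c2-b as well, so all four AMOS and Vidar samples collapse into one cluster spanning three hosts, while the two FamilyX samples stay separate. On real telemetry the same pivot is only as good as the C2 extraction behind it: shared hosting providers or sinkholed domains will merge unrelated samples unless they are excluded first.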

The frequent changes to these malware families make them hard for signature-based security controls to catch, and as attacker tooling grows more capable and complex, cyber security needs to be proactive and adaptive.

The sophistication and complexity of the operation show how important it is to take a multi-layered approach to cybersecurity. 

Organisations are advised to follow strict security rules, especially when bringing code in from outside their own environment. A company-wide code review process, backed by automated scanning tools such as GitGuardian, Checkmarx or GitHub Advanced Security, can help flag suspicious patterns in incoming code. In particular, businesses should strengthen their overall security posture by monitoring for, and blocking, unauthorised third-party programs and scripts that could be used to spread malware. Trusting a download because it is hosted on a reputable platform is exactly the assumption this campaign exploited; trust should attach to a verified publisher and a known-good artifact, not to the hosting domain.
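Both the impersonated repositories described earlier and the advice above to block unauthorised third-party programs come down to one check: approve a download only when the publisher is one you have verified out of band and the bytes match a pinned digest. The following Python is an added example written for this article, not code from the page, from GitHub or from any vendor named in it. The owner allowlist (example-vendor, another-vendor), the URLs, the digest and the "downloaded" bytes are all constructed placeholders; in practice the pin comes from the vendor's own site or release signing, never from the repository README you are trying to evaluate.

```python
"""Gate a GitHub-hosted download on who published it and on a pinned digest.

Added example for this article; not code from the page, GitHub, or any of the
vendors named in it. The owner allowlist, URLs, digest and "downloaded" bytes
are constructed placeholders; real values must come from the vendor's own
site or release signing, not from a search result or repository README.
"""
import hashlib
from urllib.parse import urlparse

# Constructed allowlist: GitHub owners verified out of band (hypothetical names).
TRUSTED_OWNERS = {"example-vendor", "another-vendor"}

# Constructed stand-ins for the bytes an installer fetch would return.
GOOD_BLOB = b"constructed installer bytes for example-app v1.0\n"
TAMPERED_BLOB = b"constructed bytes from a lookalike repository\n"
PINNED_SHA256 = hashlib.sha256(GOOD_BLOB).hexdigest()  # would normally live in config

GOOD_URL = "https://github.com/example-vendor/example-app/releases/download/v1.0/example-app.dmg"
LOOKALIKE_URL = "https://github.com/examp1e-vendor/example-app/releases/download/v1.0/example-app.dmg"
SPOOFED_HOST_URL = "https://github.com.evil.invalid/example-vendor/example-app/releases/download/v1.0/example-app.dmg"

# Digit-for-letter swaps and separators that impersonators lean on.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": "", "_": ""})


def fold_confusables(name):
    """Normalise so that 'examp1e-vendor' and 'example_vendor' both fold to 'examplevendor'."""
    return name.lower().translate(_CONFUSABLES)


def parse_github_url(url):
    """Return (owner, repo) for an HTTPS github.com URL; reject anything else,
    including hosts that merely begin with 'github.com'."""
    u = urlparse(url)
    if u.scheme != "https" or u.hostname != "github.com":
        raise ValueError(f"not an https://github.com URL: {url}")
    parts = [p for p in u.path.split("/") if p]
    if len(parts) < 2:
        raise ValueError(f"no owner/repo in path: {url}")
    return parts[0], parts[1]


def verify_download(url, data, trusted_owners=TRUSTED_OWNERS, pinned_sha256=PINNED_SHA256):
    """Approve only if the publisher is allowlisted AND the bytes match the pin.
    Returns a dict with 'ok' and the reasons for any rejection."""
    try:
        owner, repo = parse_github_url(url)
    except ValueError as exc:
        return {"ok": False, "reasons": [str(exc)]}

    reasons = []
    trusted_lower = {o.lower() for o in trusted_owners}
    if owner.lower() not in trusted_lower:
        folded = fold_confusables(owner)
        lookalikes = sorted(o for o in trusted_lower if fold_confusables(o) == folded)
        if lookalikes:
            reasons.append(f"owner '{owner}' looks like approved publisher '{lookalikes[0]}' (possible impersonation)")
        else:
            reasons.append(f"owner '{owner}' is not an approved publisher")

    digest = hashlib.sha256(data).hexdigest()
    if digest != pinned_sha256.lower():
        reasons.append(f"sha256 mismatch: got {digest[:16]}..., pinned {pinned_sha256[:16]}...")

    return {"ok": not reasons, "owner": owner, "repo": repo, "sha256": digest, "reasons": reasons}


if __name__ == "__main__":
    for url, blob in [(GOOD_URL, GOOD_BLOB), (LOOKALIKE_URL, GOOD_BLOB),
                      (GOOD_URL, TAMPERED_BLOB), (SPOOFED_HOST_URL, GOOD_BLOB)]:
        print(verify_download(url, blob))
```

The publisher check and the digest check are deliberately independent: a repository under a lookalike owner is rejected even if it happens to serve the genuine installer, and a genuine owner's URL is rejected if the bytes change, which covers both a hijacked account and a tampered release. The host comparison uses the parsed hostname rather than a substring match, so github.com.evil.invalid does not pass.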

Sharing threat intelligence and collaborating with the wider cyber security community is also important for countering complex campaigns like the one reported here.

The findings from Recorded Future's Insikt Group show the importance of staying alert and acting as online threats change. Cyber criminals are able to exploit trusted platforms to spread malware, and businesses must remain vigilant and keep effective layered defences in place to protect their systems and data.

Recorded Future | Cybersecurity News | Hacker News | Spiceworks | Security Affairs | LinkedIn

Image: PashaIgnatov
