
Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware

May 20, 2024 | Newsroom | Malvertising / Cryptocurrency

A “multi-faceted campaign” has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro.

“The presence of multiple malware variants suggests a broad cross-platform targeting strategy, while the overlapping C2 infrastructure points to a centralized command setup — possibly increasing the efficiency of the attacks,” Recorded Future’s Insikt Group said in a report.


The cybersecurity firm, which is tracking the activity under the moniker GitCaught, said the campaign not only highlights the misuse of authentic internet services to orchestrate cyber attacks, but also the reliance on multiple malware variants targeting Android, macOS, and Windows to increase the success rate.

Attack chains entail the use of fake profiles and repositories on GitHub, hosting counterfeit versions of well-known software with the goal of stealing sensitive data from compromised devices. The links to these malicious files are then embedded within several domains that are typically distributed via malvertising and SEO poisoning campaigns.

Cocktail Malware

The adversary behind the operation, suspected to be Russian-speaking threat actors from the Commonwealth of Independent States (CIS), has also been observed using FileZilla servers for malware management and delivery.

Further analysis of the disk image files on GitHub and the associated infrastructure has determined that the attacks are tied to a larger campaign designed to deliver RedLine, Lumma, Raccoon, Vidar, Rhadamanthys, DanaBot, and DarkComet RAT since at least August 2023.

The Rhadamanthys infection pathway is also notable for the fact that victims who land on the fake application websites are redirected to payloads hosted on Bitbucket and Dropbox, suggesting a broader abuse of legitimate services.


The development comes as the Microsoft Threat Intelligence team said that the macOS backdoor codenamed Activator remains a “very active threat,” distributed via disk image files impersonating cracked versions of legitimate software and stealing data from Exodus and Bitcoin-Qt wallet applications.

“It prompts the user to let it run with elevated privileges, turns off the macOS Gatekeeper, and disables the Notification Center,” the tech giant said. “It then downloads and launches multiple stages of malicious Python scripts from multiple command-and-control (C2) domains and adds these malicious scripts to the LaunchAgents folder for persistence.”
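The persistence step Microsoft describes, dropping scripts into the LaunchAgents folder, leaves a footprint a defender can audit. The script below is an added example written for this article; it is not code from Recorded Future, Microsoft or any of the malware families named here. It parses LaunchAgent property lists with the standard `plistlib` module and flags entries that launch a bare interpreter, reference a staging or hidden path, or combine `RunAtLoad` with `KeepAlive`. The two sample plists and the heuristic thresholds are constructed assumptions for illustration, not observed indicators from the campaign.

```python
import plistlib
from pathlib import Path

# Interpreters that a LaunchAgent rarely needs to invoke directly; a plist whose
# first argument is one of these is worth a closer look (heuristic, not a verdict).
INTERPRETERS = {"python", "python3", "sh", "bash", "zsh", "osascript", "curl"}
# World-writable or shared locations commonly used to stage dropped payloads.
STAGING_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

# Constructed sample plists (not real samples) standing in for files under
# ~/Library/LaunchAgents: one ordinary application helper, one that mirrors the
# "Python script relaunched at login" pattern described in the article.
SAMPLE_PLISTS = {
    "com.example.benign.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.benign</string>
  <key>ProgramArguments</key>
  <array><string>/Applications/Example.app/Contents/MacOS/helper</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    "com.example.suspicious.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.suspicious</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/python3</string>
    <string>/Users/Shared/.update/stage2.py</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>""",
}


def _is_hidden_path(arg):
    # Any path component beginning with "." other than "." / ".." itself.
    return any(p.startswith(".") and p not in (".", "..") for p in Path(arg).parts)


def assess_launch_agent(plist_bytes):
    """Return a dict with the agent label, a list of findings and a verdict."""
    data = plistlib.loads(plist_bytes)
    args = list(data.get("ProgramArguments") or [])
    if not args and data.get("Program"):
        args = [data["Program"]]
    findings = []
    if args:
        exe = Path(args[0]).name
        if exe in INTERPRETERS:
            findings.append(f"launches interpreter {exe!r} instead of an application binary")
    for arg in args:
        if arg.startswith(STAGING_DIRS) or _is_hidden_path(arg):
            findings.append(f"argument references staging or hidden path {arg!r}")
    if data.get("RunAtLoad") and data.get("KeepAlive"):
        findings.append("RunAtLoad with KeepAlive: restarted at login and whenever it exits")
    # Two independent indicators are required before an entry is called suspicious,
    # because a single interpreter launch is common for legitimate developer tooling.
    return {
        "label": data.get("Label", "<no label>"),
        "findings": findings,
        "suspicious": len(findings) >= 2,
    }


def scan_plists(named_blobs):
    """Assess a mapping of filename -> plist bytes; used for the embedded samples."""
    return {name: assess_launch_agent(blob) for name, blob in named_blobs.items()}


def scan_directory(directory=Path.home() / "Library" / "LaunchAgents"):
    """Assess every .plist in a real LaunchAgents directory (macOS use)."""
    directory = Path(directory)
    if not directory.is_dir():
        return {}
    return {p.name: assess_launch_agent(p.read_bytes()) for p in directory.glob("*.plist")}


if __name__ == "__main__":
    for name, result in scan_plists(SAMPLE_PLISTS).items():
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{name} [{result['label']}]: {flag}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

On a real host, `scan_directory()` reads `~/Library/LaunchAgents`; extending it to `/Library/LaunchAgents` and `/Library/LaunchDaemons` covers the system-wide equivalents. Pair the review with a check that Gatekeeper is still enforcing (`spctl --status`), since the report notes the backdoor switches it off.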
