top of page
Search
CyberForce|Q

Malware Distribution Utilizes Thousands of GitHub Account


 

The well-known site GitHub has over 3,000 fake accounts that were used in malware Distribution as a Service (DaaS). The threat actors behind this are called Stargazer Goblin.


They have been operating since August of 2022 by luring victims into a phishing repository. Since the site is well-known many people may be more willing to click on the links.


Here is an example of what the user may see when asked to download:


Checkpoint researchers call the accounts Stargazers Ghost Network. They say this is the largest scheme ever conducted on GitHub.


"The campaigns performed by the Stargazers Ghost Network and malware distributed via this service are extremely successful," explains the report by Check Point Research.


It is estimated that Stargazer Goblins have earned over $100,000 through malware distribution. They have done this through distributing responsibilities of varying degrees across accounts. When one account gets detected from GitHub the responsibilities are transferred to a different account. Stargazer Goblins have created an operation for continuing the distribution.


Users are advised to perform best practices when clicking on downloads and URL links.


Relevance:

  • Malware

  • Phishing


Recommendations:

  • Be cautious about what you download onto your devices.

  • Verify the URLs before clicking on them.

  • Use antivirus software to scan for malware.


References:

Toulas, B. (2024, July 24). Over 3,000 github accounts used by Malware Distribution Service. BleepingComputer. https://www.bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-service/

 

How can CyberForce|Q services help you address this risk?


Our team can assist your organization in reviewing the devices on your system and determining the level of prioritization they need. We can conduct a penetration test for your organization to gain thorough understanding of the gaps within your environment. – reach out to solutions@cyberforceq.com.


Learn more about CyberForce|Q.


7 views0 comments

Comments


bottom of page