Subj : Hackers look to trick GitHub users with intricate malware
To   : All
From : TechnologyDaily
Date : Thu Apr 11 2024 10:15:05

Hackers look to trick GitHub users with intricate malware

Date:
Thu, 11 Apr 2024 09:00:00 +0000

Description:
Hackers have found a way to keep a malicious repository front and center at 
all times.

FULL STORY
======================================================================

GitHub users are under attack once again, as researchers spot yet another 
creative malware campaign on the popular platform. 

This campaign seeks to deliver clipper malware, and has a unique approach to 
increase visibility, while decreasing the chances of being flagged by 
antivirus programs . 

According to cybersecurity researchers from Checkmarx, an unnamed threat 
actor created malicious GitHub repositories, using names and topics that are 
popular and frequently searched for. Then, they automated the update 
mechanism, regularly changing the date, and other meaningless information, in 
the log file. That way, the repository was always at the very top of the 
search results, especially in the recently updated category. Keysetzu clipper 

The hackers also used fake accounts to add positive reviews and five-star 
ratings to further boost the malwares visibility and credibility. While this 
isnt a new technique, the threat actors didnt overdo it with great ratings 
this time around, keeping a low profile. 

At the same time, the malware was padded with many zeros, artificially 
inflating its size to exceed 32MB. That way, many antivirus programs and 
platforms, including VirusTotal, did not scan it. 

The goal of the campaign was to drop clipper malware. Clippers usually steal 
clipboard information (copy/paste data) and are often used in cryptocurrency 
theft. When sending money, crypto users usually copy and paste the recipients 
wallet address (since its a long string of random characters and impractical, 
if not impossible, to memorize). In this process, the clipper malware will 
replace the recipients wallet with that of the attackers, tricking the victim 
into sending their money to the wrong address. 

Unless the money is being transferred from a centralized exchange, the 
transactions are impossible to stop or revert. The money is gone for good. 

Analyzing the malware, the researchers said it bears many similarities to the 
Keyzetsu clipper, which was first observed in mid-2023. Apparently, it will 
not activate on a computer located in Russia. More from TechRadar Pro This 
sneaky hijack malware replaces your crypto addresses with lookalikes Here's a 
list of the best firewalls around today These are the best endpoint security 
tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/hackers-look-to-trick-github-users-with
-intricate-malware


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.