The Insikt Group at Recorded Future has found a sophisticated cybercrime operation run by Russian-speaking threat actors from the Commonwealth of Independent States (CIS).
This group of hackers has used safe websites like GitHub and FileZilla to spread banking malware, which is very dangerous for both personal and business security.
GitCaught: Exposing the Misuse of GitHub in Cyberattacks
The people behind this effort are very skilled and know a lot about how software works and how to keep users trusting it.
They created fake GitHub accounts and repositories that resembled real software programs, such as Pixelmator Pro, 1Password, and Bartender 5.
These fake versions were filled with malware, such as the Atomic MacOS Stealer (AMOS) and Vidar, meant to access users’ computers and steal private information.
The Insight Group at Recorded Future researched and found that these types of malware were not separate incidents.
Instead, they used the same command-and-control (C2) infrastructure, which shows that they worked together to make the strikes more powerful.
This shared C2 setup makes it look like the threat actors are part of a well-organized group with a lot of money that can start long-lasting cyberattacks on various devices and operating systems.
The changing nature of these types of malware makes it very hard for standard security measures to work.
Because software is always getting smarter and more complicated, cybersecurity needs to be proactive and flexible.
Organizations are told to follow strict security rules, especially when adding code outside their settings.
Setting up a code review process for the whole company and using automated scanning tools like GitGuardian, Checkmarx, or GitHub Advanced Security can help find malware or strange patterns in the code.
FileZilla: Another Vector for Malware Distribution
The bad guys have also used FileZilla, a famous FTP client, to spread their malicious payloads along with GitHub.
Cybercriminals have been able to stage cyberattacks that steal personal information with shocking ease by using well-known internet services.
The complexity of the operation and the fact that new malware is always being made show how important it is to take a multi-layered approach to cybersecurity.
In the middle term, businesses should improve their general security by devising ways to monitor and block unauthorized programs and scripts from third parties that could be used to spread malware.
It’s also important to share information and collaborate with the larger cybersecurity community to fight complex campaigns like the one this study found.
The results from Recorded Future’s Insight Group show the importance of being alert and taking action when online threats change.
Cybercriminals still use trusted platforms to spread malware, so businesses must stay alert and use full security plans to keep their systems and data safe.
To get a full report as a PDF file with more information and a more in-depth study, click here.
Source: https://bit.ly/3uS5LZ2