An extensive multi-stage campaign has been uncovered in which cyber criminals abuse legitimate services to deliver malware.
Legitimate services such as GitHub and FileZilla have been used to deliver several stealer malware families and banking Trojans. The threat actors impersonate credible software such as 1Password and Pixelmator Pro to carry out the campaign and deliver the malware effectively. According to Recorded Future’s Insikt Group, the use of multiple malware variants suggests “a broad cross-platform targeting strategy”, while the shared C2 infrastructure points to centralized command. Recorded Future is tracking the threat actor under the moniker GitCaught. The investigation into the group’s activity illustrates how combining multiple malware variants improves a campaign’s overall success rate. A closer examination of the associated infrastructure revealed the depth of the campaign: the attacks delivered malware dating back to August 2023.
Read more:
https://thehackernews.com/2024/05/cyber-criminals-exploit-github-and.html