GitHub recently issued a security alert warning of a social engineering campaign targeting developer accounts in the cryptocurrency, blockchain, cybersecurity, and online gambling domains.
The campaign, which has been linked to the infamous North Korean Lazarus hacking group, aims to infect the targeted developers' systems with malware. Lazarus is notorious for high-profile attacks against cryptocurrency companies and cybersecurity researchers, carried out to steal cryptocurrency and conduct cyber espionage.
“GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms, using a combination of repository invitations and malicious npm package dependencies,” reads GitHub’s security advisory.
The North Korean hackers have reportedly compromised legitimate accounts or created fake personas on GitHub and social media, posing as recruiters and developers. They initiate contact and then often try to move the conversation to another platform.
Once contact is established, the perpetrators lure the victims to collaborate on a GitHub repository, either public or private.
These repositories typically contain software such as media players or cryptocurrency trading tools whose npm (the JavaScript package manager) dependencies are malicious, so cloning and running the project pulls the malware onto the victim's machine.
Domains used for second-stage malware downloads include:
The threat actors are cautious: they hold back from publishing the malicious npm packages until they are confident a target will install them, so the malicious code is not exposed unnecessarily. They may also deliver the malware directly over messaging or file-sharing platforms, skipping the repository invitation and clone step altogether.
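Before cloning and installing a project from a repository you were invited to, the manifest itself shows the two cheapest indicators a practitioner would check: lifecycle scripts that run automatically on install, and dependencies that resolve somewhere other than the public npm registry. The following Node.js script is an added example and is not code from GitHub's advisory or from the campaign; the package.json and package-lock.json it inspects are constructed samples, and the hostnames in them are placeholders.

```javascript
// Added example (not from GitHub's advisory or the article): triage a
// package.json / package-lock.json taken from a repository you were invited
// to, before running `npm install`. All inputs below are constructed samples.
const REGISTRY = 'https://registry.npmjs.org/';
const LIFECYCLE = ['preinstall', 'install', 'postinstall', 'prepare', 'prepublish'];

// Constructed package.json for a hypothetical "media player" lure project.
const packageJson = {
  name: 'media-player-demo',
  version: '1.0.0',
  scripts: {
    start: 'node index.js',
    postinstall: 'node scripts/setup.js' // runs automatically on npm install
  },
  dependencies: {
    express: '^4.18.2',
    'video-helper-utils': 'git+https://example.invalid/attacker/video-helper-utils.git',
    'player-core': 'https://example.invalid/dl/player-core-1.0.0.tgz'
  }
};

// Constructed package-lock.json (lockfile v2/v3 "packages" layout) matching the above.
const packageLock = {
  packages: {
    'node_modules/express': { version: '4.18.2', resolved: 'https://registry.npmjs.org/express/-/express-4.18.2.tgz' },
    'node_modules/video-helper-utils': { version: '0.0.1', resolved: 'git+https://example.invalid/attacker/video-helper-utils.git#abc123' },
    'node_modules/player-core': { version: '1.0.0', resolved: 'https://example.invalid/dl/player-core-1.0.0.tgz', hasInstallScript: true }
  }
};

// Returns a list of findings; an empty list means none of the cheap indicators fired.
function triageManifest(pkg, lock) {
  const findings = [];
  // 1. Lifecycle scripts in the project itself execute the moment you install.
  for (const name of LIFECYCLE) {
    if (pkg.scripts && pkg.scripts[name]) {
      findings.push({ kind: 'project-lifecycle-script', target: name, detail: pkg.scripts[name] });
    }
  }
  // 2. Dependency specs that bypass the public registry: git URLs, tarball URLs,
  //    github: / user/repo shorthands, or local file: paths.
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  for (const [name, spec] of Object.entries(deps)) {
    if (/^(git\+|https?:|github:|file:|[^@\/]+\/[^@\/]+$)/.test(spec)) {
      findings.push({ kind: 'non-registry-spec', target: name, detail: spec });
    }
  }
  // 3. Lockfile entries resolved outside the registry, or flagged by npm as
  //    carrying an install script (hasInstallScript).
  for (const [path, entry] of Object.entries((lock && lock.packages) || {})) {
    if (!path.startsWith('node_modules/')) continue;
    const dep = path.slice('node_modules/'.length);
    if (entry.resolved && !entry.resolved.startsWith(REGISTRY)) {
      findings.push({ kind: 'non-registry-resolved', target: dep, detail: entry.resolved });
    }
    if (entry.hasInstallScript) {
      findings.push({ kind: 'dependency-install-script', target: dep, detail: entry.resolved || entry.version });
    }
  }
  return findings;
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of triageManifest(packageJson, packageLock)) {
    console.log(`${f.kind}: ${f.target} -> ${f.detail}`);
  }
}
```

Run it with node after swapping the constructed objects for JSON.parse of the real files. A project that passes these checks can still be malicious (a registry-hosted package may carry an install script or fetch a second stage at runtime), so the practical habit is to install untrusted projects with npm install --ignore-scripts inside a disposable VM or container, and to treat any finding here as a reason not to run the code at all.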
GitHub has taken a series of steps to limit the harm done by this campaign, including:
Additionally, GitHub released a series of security recommendations for users to mitigate this malicious campaign:
Review your security log for action:repo.add_member events to see if they've accepted an invite to a rogue repository.

This campaign illustrates the growing threat to the technology sector, particularly the crypto, blockchain, and cybersecurity domains. Developers and firms in these fields should exercise caution and follow GitHub's recommendations to stay protected.
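The security-log check recommended above can be scripted rather than eyeballed. The following Node.js script is an added example, not GitHub's or the article's code: it reads a JSON export of an account's security log, keeps only repo.add_member events, reports those where the repository owner is not on a trusted list, and notes whether a later git.clone event for that repository appears in the same export. The sample events, the trusted-owner list, and the assumption that the export carries action, actor, repo and @timestamp fields are all constructed for this example and should be checked against a real export.

```javascript
// Added example (not GitHub's or the article's code): scan a JSON export of a
// GitHub account security log for repo.add_member events that pulled the
// account into repositories owned by untrusted accounts. The events below are
// constructed; the field names (action, actor, repo, @timestamp in ms) are an
// assumption about the export format and must be verified against your own.
const TRUSTED_OWNERS = new Set(['my-company', 'alice-dev']);

// Constructed sample events for the hypothetical account "alice-dev".
const sampleEvents = [
  { '@timestamp': 1689638400000, action: 'repo.add_member', actor: 'alice-dev', repo: 'my-company/internal-tools' },
  { '@timestamp': 1689724800000, action: 'repo.add_member', actor: 'recruiter-jane', repo: 'recruiter-jane/media-player-test' },
  // git.* events are only present if Git events are included in the export (assumption).
  { '@timestamp': 1689811200000, action: 'git.clone', actor: 'alice-dev', repo: 'recruiter-jane/media-player-test' },
  { '@timestamp': 1689898200000, action: 'repo.add_member', actor: 'bob-hr', repo: 'crypto-trade-labs/trading-bot' }
];

// Accept either a JSON array or newline-delimited JSON, since exports vary.
function parseExport(text) {
  const trimmed = text.trim();
  if (trimmed.startsWith('[')) return JSON.parse(trimmed);
  return trimmed.split('\n').filter(Boolean).map(line => JSON.parse(line));
}

// Returns one record per repo.add_member event whose repository owner is not trusted.
function findRogueInvites(events, trustedOwners, sinceMs = 0) {
  return events
    .filter(e => e.action === 'repo.add_member' && Number(e['@timestamp']) >= sinceMs)
    .filter(e => !trustedOwners.has(String(e.repo || '').split('/')[0]))
    .map(e => ({
      when: new Date(Number(e['@timestamp'])).toISOString(),
      repo: e.repo,
      addedBy: e.actor,
      // Did the account clone the repository after being added? That is the
      // point at which the malicious npm dependencies would reach the machine.
      clonedAfter: events.some(x =>
        x.action === 'git.clone' && x.repo === e.repo &&
        Number(x['@timestamp']) > Number(e['@timestamp']))
    }));
}

if (typeof require !== 'undefined' && require.main === module) {
  // Usage: node rogue-invites.js [export.json]; with no argument the sample is used.
  const text = process.argv[2]
    ? require('fs').readFileSync(process.argv[2], 'utf8')
    : JSON.stringify(sampleEvents);
  for (const hit of findRogueInvites(parseExport(text), TRUSTED_OWNERS)) {
    console.log(JSON.stringify(hit));
  }
}
```

Any hit where the adding actor is someone you only know from a recruiter conversation deserves the same response as a confirmed phish: delete the local clone, revoke tokens and SSH keys that were on the machine, and rotate any credentials the cloned project could have read.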
Using specialized software such as Bitdefender Ultimate Security can protect you against downloading and executing malicious code on your computer. Key features include:
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.