GitHub abused to distribute payloads on behalf of malware-as-a-service
Briefly

Cisco's Talos security team identified a malware-as-a-service operator that used public GitHub accounts to distribute various malware types. Because GitHub is reachable from many enterprise networks, these malicious activities were able to flourish. After notification, GitHub promptly removed the identified accounts. Distributing payloads this way can evade Web filters that are not configured to block GitHub, complicating detection efforts. The campaign was linked to the previously known malware loader Emmenhtal, which was also implicated in targeting Ukrainian entities via email. The final payload differed from that earlier activity: here it was Amadey malware, first identified in 2018.
Researchers from Cisco's Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to targets.
In addition to being an easy means of file hosting, downloading files from a GitHub repository may bypass Web filtering that is not configured to block the GitHub domain.
Read at Ars Technica