
GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure

Published 20/05/2024 16:33 · Modified 20/05/2024 16:38


Essential information

Tags
2024-05-20
Related entities
76 observables, 23 techniques (mitre), 4 malware

Description

In recent research, Recorded Future's Insikt Group uncovered a sophisticated cybercriminal campaign run by Russian-speaking threat actors from the Commonwealth of Independent States (CIS). The actors used a GitHub profile to impersonate legitimate software applications, including 1Password, Bartender 5, and Pixelmator Pro, as lures for distributing several malware families, among them Atomic macOS Stealer (AMOS) and Vidar. The campaign is a further instance of trusted internet services being abused as delivery infrastructure for attacks that steal personal information.

External references