RisePro Info Stealer Spreads via Cracked Software on GitHub

In a recent discovery, cybersecurity experts have unearthed a concerning trend on GitHub, where hackers are leveraging cracked software to distribute RisePro, an information-stealing malware. This campaign, dubbed “gitgub,” involved 17 repositories across 11 different accounts, all aimed at disseminating the malicious software.

According to findings by G DATA, a renowned German cybersecurity firm, the repositories on GitHub promised free access to cracked versions of various software. These repositories, now taken down by GitHub, were designed to mimic legitimacy, featuring README.md files with false claims and even using Unicode circles to imply status updates and recent activity.

The list of repositories involved in the campaign included familiar software titles, such as AVAST, Sound Booster, and CCleaner, among others. Each repository provided a download link to a RAR archive file hosted on “digitalxnetwork[.]com,” requiring victims to input a password provided within the repository.

Upon extraction, the RAR archive contained an installer file, which, upon execution, unpacked a 699 MB executable file. This inflated size aimed to thwart analysis tools like IDA Pro. However, the actual payload was a mere 3.43 MB loader designed to inject RisePro version 1.6 into critical system processes.
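A triage check for the inflated-size trick described above, added here as an illustration (it is not code from the report or from G DATA): it parses the PE section table to measure how much of a file lies past the last section and whether that overlay is a single repeated byte, which is what bulk padding looks like. The thresholds and the constructed sample binary are assumptions for the demonstration.

```python
import struct
from collections import Counter

def pe_overlay_stats(data: bytes) -> dict:
    """Size, overlay length, padding fraction and overlay byte variety of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER follows the signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sect_off = coff + 20 + opt_size            # section table follows the optional header
    end_of_sections = sect_off + 40 * num_sections
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_off + 40 * i + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = data[end_of_sections:]
    # Padding is usually one repeated byte; a packer or installer overlay is not.
    sample = overlay[:1 << 20]
    dominant = max(Counter(sample).values()) / len(sample) if sample else 0.0
    return {"size": len(data), "overlay_bytes": len(overlay),
            "padding_fraction": len(overlay) / len(data),
            "overlay_dominant_byte_fraction": dominant}

def looks_inflated(data: bytes, min_fraction=0.9, min_overlay=50 * 1024 * 1024) -> bool:
    """Triage heuristic (assumed thresholds): almost all of the file is a low-variety overlay."""
    s = pe_overlay_stats(data)
    return (s["padding_fraction"] >= min_fraction and s["overlay_bytes"] >= min_overlay
            and s["overlay_dominant_byte_fraction"] >= 0.95)

def build_sample(payload: bytes, overlay: bytes) -> bytes:
    """Constructed minimal PE: one section holding payload, then the given overlay bytes."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # 1 section, no optional header
    data_off = e_lfanew + 4 + 20 + 40
    section = struct.pack("<8sIIIIIIHHI", b".text", len(payload), 0x1000,
                          len(payload), data_off, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + section + payload + overlay

if __name__ == "__main__":
    padded = build_sample(b"\x90" * 100, b"\0" * 900)   # constructed: 100 bytes code, 900 padding
    print(pe_overlay_stats(padded), looks_inflated(padded, min_fraction=0.75, min_overlay=500))
```

Legitimate self-extracting installers also carry large overlays, so treat a hit as a reason to look closer at the file, not as a verdict.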

RisePro gained notoriety in late 2022 when it was distributed via a pay-per-install malware downloader service called PrivateLoader. Written in C++, RisePro is adept at harvesting sensitive information from infected systems and transmitting it to designated Telegram channels. Recent research has also highlighted vulnerabilities in Telegram’s messaging system, allowing attackers to forward messages to alternate accounts, adding to the threat’s complexity.

This revelation coincides with a detailed report by Splunk, which shed light on the tactics employed by Snake Keylogger, another potent information-stealing malware. Utilizing a multifaceted approach, Snake Keylogger leverages various protocols such as FTP and SMTP, alongside Telegram integration, to exfiltrate stolen data efficiently.

The surge in popularity of information-stealing malware poses significant risks, often serving as a precursor to more damaging cyberattacks like ransomware. According to Specops, RedLine, Vidar, and Raccoon have emerged as the most prevalent stealers, with RedLine alone responsible for pilfering over 170.3 million passwords in the last six months.

“Today’s cybersecurity landscape underscores the ever-evolving nature of digital threats,” remarked Flashpoint in January 2024. “While financial gain remains a primary motivation, the accessibility and ease of use of these stealers continue to fuel their proliferation.”

This discovery underscores the importance of heightened vigilance among users and organizations alike. As cyber threats grow in sophistication, staying abreast of emerging trends and implementing robust security measures remains paramount in safeguarding against potential breaches and data theft.
