- McAfee researchers find a number of malicious GitHub repositories
- The repositories change every week, but always promise cracks, hacks or free access to commercial software
- But instead of cracks, victims get infected with Lumma Stealer
Cybercriminals are using GitHub to target children with infostealer malware, according to a new report from McAfee, which says it observed an ongoing malicious campaign on the popular code repository platform.
In an analysis, the researchers said they observed many repositories that purport to offer game hacks, cracks or free versions of commercial software. However, instead of providing these programs, the repositories were actually hosting Lumma Stealer, a well-known infostealer malware.
“McAfee Labs found multiple repositories offering game hacks for best-selling video games such as Apex Legends, Minecraft, Counter Strike 2.0, Roblox, Valorant, Fortnite, Call of Duty, GTA V, and offering cracked versions of popular software and services, such as Spotify Premium, FL Studio, Adobe Express, SketchUp Pro, Xbox Game Pass and Discord, to name a few,” said the researchers.
Disable the AV
This “network of repositories”, as McAfee described it, changes its descriptions every week and creates new repositories, since the old ones are flagged and removed by GitHub. The payload, however, always remains the same.
“These repositories also include distribution licenses and software screenshots to enhance their appearance of legitimacy,” McAfee concluded.
The descriptions also contain instructions on how to download and execute the malware, and how to disable any antivirus program on the computer before executing it. The attackers claim that antivirus detections of these programs are false positives and can safely be ignored.
McAfee says that this social engineering technique, combined with the trust GitHub enjoys among its users, works well, and that the campaign infected many users. The researchers did not share any numbers, but emphasized that the targets are mainly on the younger side:
“Children are frequently targeted by such scams, since malware authors exploit their interest in game hacks by highlighting potential features and benefits, which makes it easier to infect more systems.”