Global Reuters

GitHub users are under attack once again, as researchers spot yet another creative malware campaign on the popular platform.

This campaign seeks to deliver clipper malware, and has a unique approach to increase visibility, while decreasing the chances of being flagged by antivirus programs.

According to cybersecurity researchers from Checkmarx, an unnamed threat actor created malicious GitHub repositories, using names and topics that are popular and frequently searched for. Then, they automated the update mechanism, regularly changing the date, and other meaningless information, in the log file. That way, the repository was always at the very top of the search results, especially in the “recently updated” category.

Keysetzu clipper

The hackers also used fake accounts to add positive reviews and five-star ratings to further boost the malware’s visibility and credibility. While this isn’t a new technique, the threat actors didn’t overdo it with great ratings this time around, keeping a low profile.

At the same time, the malware was padded with many zeros, artificially inflating its size to exceed 32MB. That way, many antivirus programs and platforms, including VirusTotal, did not scan it.

The goal of the campaign was to drop clipper malware. Clippers usually steal clipboard information (copy/paste data) and are often used in cryptocurrency theft. When sending money, crypto users usually copy and paste the recipient’s wallet address (since it’s a long string of random characters and impractical, if not impossible, to memorize). In this process, the clipper malware will replace the recipient’s wallet with that of the attackers, tricking the victim into sending their money to the wrong address.

Unless the money is being transferred from a centralized exchange, the transactions are impossible to stop or revert. The money is gone for good.

Analyzing the malware, the researchers said it bears many similarities to the Keyzetsu clipper, which was first observed in mid-2023. Apparently, it will not activate on a computer located in Russia.

Top Insights

UBS forecasting many more Federal Reserve rate cuts, forecast S&P 500 to 6200

New Zealand Westpac Consumer Survey climbed from previous 82.2 to 90.8 in 3Q

More info – Goldman Sachs sees Fed cutting by 25 bps at each meeting until June next year

ICYMI: US Treas Sec Yellen said the Fed rate cut is ‘very positive sign’ for economy

Leave a comment

Leave a Reply Cancel reply

Recent Posts

EUR/USD lacks momentum, churns near 1.0750

ForexLive Asia-Pacific FX news wrap: Australian data poor again

Turkey: Inflation data for August – Commerzbank

Powell speech: Strong hiring all by itself would not be a reason to hold off on rate cuts

Categories

Categories

Related Articles

CEO of self-driving startup Motional is stepping down

Abous us

Subscribe Now