Identity, Malware
GitHub, FileZilla exploited for multiple malware delivery

The Russian threat operation tracked as GitCaught has exploited GitHub and FileZilla to deploy several malicious payloads, including the Atomic macOS Stealer (AMOS) and the Octo, Lumma, and Vidar information-stealing malware strains, Security Affairs reports.

According to a report from Recorded Future's Insikt Group, the attackers used a GitHub profile to stand up a dozen domains spoofing 1Password, Pixelmator Pro, and other legitimate macOS apps, which served AMOS, while a FileZilla server was used to distribute Python scripts and encrypted files carrying the Lumma and Vidar stealers.

Further analysis of the campaign uncovered a website impersonating legitimate software that redirects to Dropbox and other file-sharing sites to deliver AMOS and the Rhadamanthys infostealer. Among the spoofed websites was one for Rainway, the already discontinued remote desktop video game streaming platform; the researchers noted that the fake site even outranked the legitimate one in Google search results.