Identity, Malware

GitHub, FileZilla exploited for multiple malware delivery


Sophisticated Russian threat operation GitCaught has exploited GitHub and FileZilla to facilitate the deployment of several malicious payloads, including the Atomic macOS Stealer, or AMOS, as well as the Octo, Lumma, and Vidar information-stealing malware strains, Security Affairs reports.

The attacks involved a GitHub profile used in conjunction with a dozen domains spoofing 1Password, Pixelmator Pro, and other legitimate macOS apps to distribute AMOS, while a FileZilla server was used to distribute Python scripts and encrypted files carrying the Lumma and Vidar stealers, according to a report from Recorded Future's Insikt Group.

Further analysis of the campaign showed a website impersonating legitimate software that redirects to Dropbox and other file-sharing sites to enable the delivery of AMOS and the Rhadamanthys infostealer. Included in the spoofed websites was one for the already discontinued remote desktop video game streaming platform Rainway, with the fake website even topping the legitimate one in Google searches, said researchers.
