Summary:
The article discusses the growing issue of fake GitHub stars, which are being used to manipulate the popularity of open-source projects, leading to potential risks such as malware distribution and fraudulent activities. Despite GitHub’s efforts to combat this issue, the prevalence of fake stars continues to rise, prompting the need for better detection methods and user awareness.
#FakeStars #OpenSourceRisks #SoftwareIntegrity
Keypoints:
GitHub stars are often misused as a metric for evaluating open-source projects.
Fake stars can be purchased cheaply, leading to inflated popularity metrics.
GitHub’s policies prohibit inauthentic interactions, but fake stars persist.
Fake stars can mislead investors and promote low-quality repositories.
Recent research indicates a significant increase in suspected fake stars and repositories involved in fake star campaigns.
Detection methods for fake stars are being developed, including heuristics based on user activity patterns.
Socket is launching a “Suspicious Stars on GitHub” alert to help users identify potentially fraudulent projects.
Users are advised to scrutinize star counts and repository activity before trusting open-source packages.
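The key points above mention detection heuristics based on user activity patterns and advise readers to scrutinize star counts themselves. The following is an added example, not code from Socket or from the cited research, of how such a screen can be written: it combines a profile-side heuristic (young, empty accounts that have starred almost nothing else) with a timing-side heuristic (an unusual number of stars landing on one calendar day) and flags stars that match both. The `Stargazer` record, the thresholds, and the sample stargazer list are all constructed assumptions for illustration; real screening would pull the same fields from the GitHub API.

```python
"""Heuristic fake-star screen over a repository's stargazer list.

Added example. The record layout, the thresholds and the sample data below
are assumptions made for this illustration, not the data model or the
heuristics used by Socket or the cited research.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Stargazer:
    login: str
    starred_at: datetime       # when this account starred the repository
    account_created: datetime  # account creation date
    followers: int
    public_repos: int
    total_stars_given: int     # stars this account has given across GitHub


def is_low_activity(s: Stargazer) -> bool:
    """Profile-side heuristic (assumed thresholds): account younger than
    30 days at star time, no followers, no repositories, and at most two
    stars given in total."""
    age = s.starred_at - s.account_created
    return (age < timedelta(days=30)
            and s.followers == 0
            and s.public_repos == 0
            and s.total_stars_given <= 2)


def burst_days(stars, threshold=5):
    """Timing-side heuristic: calendar days on which at least `threshold`
    stars arrived. Organic stars tend to trickle in; bought ones land in
    batches."""
    per_day = Counter(s.starred_at.date() for s in stars)
    return {day for day, n in per_day.items() if n >= threshold}


def suspicious_stars(stars, threshold=5):
    """Logins of stars that come from low-activity accounts AND fall on a
    burst day. Requiring both keeps an established account that happens
    to star on a busy day from being flagged."""
    bursts = burst_days(stars, threshold)
    return sorted(s.login for s in stars
                  if is_low_activity(s) and s.starred_at.date() in bursts)


def suspicious_ratio(stars, threshold=5):
    """Fraction of the repository's stars that the screen flags."""
    if not stars:
        return 0.0
    return len(suspicious_stars(stars, threshold)) / len(stars)


def sample_stargazers():
    """Constructed sample data (not real accounts): five organic stars
    spread over weeks, eight stars from fresh empty accounts within one
    day, and one veteran account that stars on that same day."""
    base = datetime(2024, 11, 1)
    organic = [
        Stargazer(f"dev{i}", base + timedelta(days=7 * i),
                  base - timedelta(days=900 + 40 * i),
                  followers=20 + i, public_repos=5 + i, total_stars_given=50)
        for i in range(5)
    ]
    burst_day = base + timedelta(days=10)
    fakes = [
        Stargazer(f"acct{i:04d}", burst_day + timedelta(minutes=3 * i),
                  burst_day - timedelta(days=3),
                  followers=0, public_repos=0, total_stars_given=1)
        for i in range(8)
    ]
    bystander = Stargazer("veteran", burst_day + timedelta(hours=5),
                          base - timedelta(days=2000),
                          followers=300, public_repos=40, total_stars_given=900)
    return organic + fakes + [bystander]


if __name__ == "__main__":
    stars = sample_stargazers()
    flagged = suspicious_stars(stars)
    print(f"{len(flagged)} of {len(stars)} stars flagged "
          f"({suspicious_ratio(stars):.0%}) on burst days {burst_days(stars)}")
    for login in flagged:
        print("  suspicious:", login)
```

The two heuristics are deliberately conjunctive: either one alone produces false positives (new users do star things; a popular release does cause a burst), and the point of the screen is a ratio a reader can weigh, not a verdict. On the sample data it flags the eight fresh accounts and leaves the veteran account and the organic stars alone.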
MITRE Techniques
Application Layer Protocol (T1071), Command and Control tactic: utilizes multiple command and control domains to maintain communication with compromised systems.
IoC (the feed tags these as domains, but none carries a TLD; they are GitHub account or repository names and should be checked on github.com, not in DNS or proxy logs):
[github-name] zigzagmoot
[github-name] zigzagklatton
[github-name] zigzag869
[github-name] zhengyanlin18
[github-name] zhengkaifor
[github-name] zhaowuling
[github-name] zhangdapao9523
[github-name] 1cyres
[github-name] 1Xitz1
[github-name] 1905mali
[github-name] 1842JakUCY
[github-name] Recognito-Vision
[github-name] dsnbey
[github-name] 1321928757
[github-name] dnbmagic
[github-name] solidglue
[github-name] ai-boost
[github-name] CerberusChaos
[github-name] jiawanlong
Full Research: https://socket.dev/blog/3-7-million-fake-github-stars-a-growing-threat-linked-to-scams-and-malware