This article discusses how cybercriminals exploit GitHub to distribute malware disguised as game hacks and cracked software. McAfee Labs identified multiple repositories that lure users with enticing offers, ultimately leading to the installation of Lumma Stealer variants. The article emphasizes the importance of user education and protective measures against such threats. Affected: GitHub
Keypoints :
- Cybercriminals use GitHub to distribute malware disguised as game hacks and cracked software.
- McAfee Labs uncovered several repositories offering tempting downloads that lead to malware installation.
- Attackers leverage GitHub’s reputation to deceive users into downloading malicious software.
- Users are often misled into disabling antivirus software before downloading malware.
- Children are particularly targeted due to their interest in game hacks.
- McAfee employs multiple detection and mitigation strategies to combat these threats.
MITRE Techniques :
- Credential Dumping (T1003) – The malware iterates through system and registry keys to collect sensitive information including login credentials for browsers.
- Data from Information Repositories (T1213) – The malware searches for crypto wallets and password-related files on the system.
- Command and Control (T1071) – The malware connects to Command and Control servers to transfer stolen data.
Indicator of Compromise :
- [url] github[.]com/632763276327ermwhatthesigma/hack-apex-1egend
- [url] github[.]com/VynnProjects/h4ck-f0rtnite
- [url] github[.]com/TechWezTheMan/Discord-AllinOne-Tool
- [url] github[.]com/UNDERBOSSDS/ESET-KeyGen-2024
- [url] github[.]com/Rinkocuh/Dayz-Cheat-H4ck-A1mb0t
- Check the article for all found IoCs.
Full Research: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/githubs-dark-side-unveiling-malware-disguised-as-cracks-hacks-and-crypto-tools/