Summary: A malware campaign using malicious GitHub repositories disguised as game modifications has been discovered, with over 1,100 repositories linked to the Redox stealer malware. The campaign harvests credentials through social engineering tactics and technical obfuscation. Despite GitHub's efforts to detect and remove these threats, many repositories remain active, revealing significant gaps in monitoring.
Affected: GitHub, end-users of compromised software
Key points:
- Redox stealer is designed to exfiltrate sensitive information such as cryptocurrency wallet keys and gaming platform credentials.
- Attackers lure users with fake repository claims and social engineering tactics, including topic poisoning and fabricated README files.
- GitHub faces challenges in addressing these threats, including delayed takedowns and legitimate-looking activities that bypass detection systems.
Source: https://gbhackers.com/new-github-scam/