Hacker Ghost Networks Quietly Spreading Malware

Beware … ghost accounts on #GitHub are manipulating pages to promote malware and phishing links.

A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by WIRED.

Antonis Terefos, a malware reverse engineer at Check Point who discovered the nefarious behavior, says the persona behind the network uses their false accounts to “star,” “fork,” and “watch” the malicious pages. These actions—which are loosely similar to liking, sharing, and subscribing, respectively—help make the pages appear popular and genuine. The more stars, the more realistic a page looks. “The malicious repositories appeared really legitimate,” Terefos says.

GitHub has more than 100 million users who have contributed over 420 million repositories on the platform. Given the breadth of the platform, it’s unsurprising that cybercriminals and hackers are attempting to abuse it. In recent years, researchers have been mapping instances of fake stars, spotting dangerous code hidden in projects, facing growing supply-chain attacks against open source software, and seeing comments being used to spread malware.

“Users of GitHub, and especially inexperienced users, can easily download malicious code, which can often be the result of fictitious reviews and starring,” says Jake Moore, global cybersecurity adviser at security firm Eset. “Telltale signs of malicious code on GitHub could also be unexpected or suspicious code changes, code that accesses external resources, and specific hard-coded credentials or API keys.”

Full article on WIRED