CCleaner, Daemon Tools and AVAST were successfully used as bait for fans of "free cheese".
Security researchers have discovered several repositories on GitHub that distribute malware under the guise of hacked versions of popular software.
As part of a malicious operation dubbed "gitgub", specialists from the German company G DATA identified 17 repositories associated with 11 different accounts that for a long time distributed the RisePro infostiler, which first appeared in the infield in December 2022.
According to experts, all malicious repositories have already been removed from GitHub to avoid spreading the infection.
All repositories had a very similar design, including the file "README.md" with promises of free hacked software. To give legitimacy and relevance, the attackers used green circles in the Unicode character system (U+1F7E2), simulating status indicators, as well as the current date.
The list of repositories ranged from software for improving audio to tools for data recovery and protection, system optimization, and working with partitions. Especially prominent are such repositories as "AVAST", "AOMEI-Backupper", "IObit-Smart-Defrag-Crack", "Ccleaner", "EaseUS-Partition-Master", "Daemon-Tools", etc. These names and brands are familiar to many Windows users and automatically inspire confidence in most of them.
Victims of the malicious campaign were also attracted by links to download RAR archives from the site "digitalxnetwork [.] com", which looks quite legitimate, as well as requiring a password from "README.md" to access the installation file.
Malware disguised as an installer, which has a volume of 699 MB to complicate analysis by specialized tools, actually contained only 3.43 MB of useful data. This data served as a loader for injecting the RisePro version 1.6 malware.
Meanwhile, RisePro, written in C++, specializes in collecting sensitive information from infected hosts and exporting it to attackers ' Telegram channels.
According to Specops, infostealers such as RedLine, Vidar, and Raccoon are becoming increasingly popular and are often the main vector for ransomware attacks and other serious data security breaches. RedLine alone has stolen more than 170 million passwords in the past six months.
In turn, Flashpoint experts emphasize that the current increase in the popularity of malware for stealing information is a vivid reminder of the ever-evolving digital threats. At the same time, the main motivation for using such software for hackers is almost always the desire for financial gain, while the availability and ease of use of such tools is only growing.
Security researchers have discovered several repositories on GitHub that distribute malware under the guise of hacked versions of popular software.
As part of a malicious operation dubbed "gitgub", specialists from the German company G DATA identified 17 repositories associated with 11 different accounts that for a long time distributed the RisePro infostiler, which first appeared in the infield in December 2022.
According to experts, all malicious repositories have already been removed from GitHub to avoid spreading the infection.
All repositories had a very similar design, including the file "README.md" with promises of free hacked software. To give legitimacy and relevance, the attackers used green circles in the Unicode character system (U+1F7E2), simulating status indicators, as well as the current date.
The list of repositories ranged from software for improving audio to tools for data recovery and protection, system optimization, and working with partitions. Especially prominent are such repositories as "AVAST", "AOMEI-Backupper", "IObit-Smart-Defrag-Crack", "Ccleaner", "EaseUS-Partition-Master", "Daemon-Tools", etc. These names and brands are familiar to many Windows users and automatically inspire confidence in most of them.
Victims of the malicious campaign were also attracted by links to download RAR archives from the site "digitalxnetwork [.] com", which looks quite legitimate, as well as requiring a password from "README.md" to access the installation file.
Malware disguised as an installer, which has a volume of 699 MB to complicate analysis by specialized tools, actually contained only 3.43 MB of useful data. This data served as a loader for injecting the RisePro version 1.6 malware.
Meanwhile, RisePro, written in C++, specializes in collecting sensitive information from infected hosts and exporting it to attackers ' Telegram channels.
According to Specops, infostealers such as RedLine, Vidar, and Raccoon are becoming increasingly popular and are often the main vector for ransomware attacks and other serious data security breaches. RedLine alone has stolen more than 170 million passwords in the past six months.
In turn, Flashpoint experts emphasize that the current increase in the popularity of malware for stealing information is a vivid reminder of the ever-evolving digital threats. At the same time, the main motivation for using such software for hackers is almost always the desire for financial gain, while the availability and ease of use of such tools is only growing.
