
Mysterious phantom network spreads malware via GitHub

The online platform GitHub, which specializes in software development, is popular and there is hardly a developer who is not active there – with their own projects or as an observer of other repositories. A mysterious malware network is now taking advantage of this.

Stargazer has around 3000 “phantom accounts”

The “Stargazers Ghost Network” was recently discovered by security researchers at the security company Check Point Research (via Wired). They write that there are at least 3,000 phantom accounts on GitHub that spread malware or malicious links via phishing repositories. “The network consists of several accounts that spread malicious links and malware and perform other actions such as favoriting (via star), forking and subscribing to malicious repositories to make them appear legitimate,” writes Check Point. The principle is relatively simple: the more likes, i.e. GitHub stars, a repository has, the more legitimate it looks; users also use stars to save repositories as quasi-bookmarks.

The main person responsible for this is said to be a group or a person that the security researchers have dubbed Stargazer Goblin. This person also disguises the malware actions by appearing legitimate or by performing “normal” actions. “The way he developed it is really clever and makes good use of the way GitHub works,” says Antonis Terefos, the person who discovered Stargazer.

“Distribution as a Service”

The network itself is described as a sophisticated operation that functions as a “distribution as a service” (DaaS). Check Point names several malware families that have been and are being distributed via Stargazer, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer and RedLine. Stargazer primarily targets GitHub repositories that offer Windows downloads of tools for social media, games and cryptocurrencies. Stargazer Goblin offers the services in relevant forums and via Telegram; the security researchers estimate the total income of this campaign to be around $100,000.
