GitHub, a widely used platform in the tech world, is facing a rising threat from cybercriminals. They’re exploiting GitHub’s popularity to host and spread harmful content, making it a hub for malicious activities like data theft and controlling compromised systems. This poses a challenge for cybersecurity, as the bad actors use GitHub’s legitimacy to slip past traditional defences.
Known as ‘living-off-trusted-sites,’ this technique lets cybercriminals blend in with normal online traffic, making it harder to detect. Essentially, they’re camouflaging their malicious activities within the usual flow of internet data. GitHub’s involvement in delivering harmful code adds an extra layer of complexity. For instance, there have been cases of rogue Python packages (basically, software components) using secret GitHub channels for malicious commands on hacked systems.
This situation highlights the need for increased awareness and updated cybersecurity strategies to tackle these growing threats. It’s a reminder that even widely used platforms can become targets for cybercrime, and staying informed is crucial to staying secure.
While it’s not very common for bad actors to fully control and command systems through GitHub, they often use it as a way to share secret information. This is called a “dead drop resolver.” It’s like leaving a message in a hidden spot for someone else to pick up. Malware like Drokb
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: