Malicious GitHub repositories containing cracked software have been leveraged by threat actors to deliver the RisePro information-stealing malware as part of the "gitgub" campaign, The Hacker News reports.
All 17 repositories used in the campaign, which GitHub has already removed, had a README.md file that aimed to establish legitimacy with the inclusion of four green Unicode circles, and all of them pointed to the same download link for a RAR archive, according to a report from G DATA. Extracting the RAR archive with the password given in the README.md file would then trigger an installer file carrying the next-stage payload, which eventually leads to the RisePro infostealer being injected, researchers said. Such findings follow various reports detailing the increasing sophistication and prevalence of information-stealing malware: a Splunk study recently showed the "multi-faceted" data exfiltration capabilities of the Snake Keylogger, enabled by FTP and Telegram integration, and a Specops report noted the dominance of the RedLine, Vidar, and Raccoon stealers.
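The README traits described above (green Unicode circles, a single shared RAR download link, an archive password in the README) can be turned into a simple repository-triage heuristic for defenders. The following is an added example, not code from G DATA or The Hacker News; the green-circle code point (U+1F7E2), the sample READMEs and the `.invalid` URLs are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed glyph for the "green circles" indicator; the report does not name the
# exact code point, so U+1F7E2 (large green circle) is an assumption.
GREEN_CIRCLE = "\U0001F7E2"
RAR_LINK_RE = re.compile(r"https?://\S+\.rar\b", re.IGNORECASE)
PASSWORD_RE = re.compile(r"\bpassword\b\s*[:=]\s*\S+", re.IGNORECASE)


def readme_traits(text: str) -> dict:
    """Report which gitgub-style traits a single README exhibits."""
    return {
        "green_circles": text.count(GREEN_CIRCLE) >= 4,
        "rar_download_link": bool(RAR_LINK_RE.search(text)),
        "archive_password": bool(PASSWORD_RE.search(text)),
    }


def is_suspicious(text: str) -> bool:
    """A RAR link plus either trust-signalling circles or an archive password."""
    t = readme_traits(text)
    return t["rar_download_link"] and (t["green_circles"] or t["archive_password"])


def shared_rar_links(readmes: dict) -> dict:
    """Map RAR URLs reused across repositories to the repos pointing at them.

    The campaign's 17 repositories all redirected to one download link, so a
    URL appearing in several unrelated READMEs is itself a strong signal.
    """
    links = defaultdict(list)
    for repo, text in readmes.items():
        for url in RAR_LINK_RE.findall(text):
            links[url].append(repo)
    return {url: repos for url, repos in links.items() if len(repos) > 1}


# Constructed samples (not real repositories or URLs).
SUSPICIOUS_README = (
    "# Pro Editor Crack \U0001F7E2\U0001F7E2\U0001F7E2\U0001F7E2\n"
    "[Download](https://files.example.invalid/pkg.rar)\n"
    "Password: 1234\n"
)
BENIGN_README = "# my-tool\nBuild with `make`; all tests pass locally.\n"
SAMPLE_REPOS = {
    "user1/pro-editor-crack": SUSPICIOUS_README,
    "user2/photo-suite-crack": SUSPICIOUS_README.replace("Pro Editor", "Photo Suite"),
    "user3/my-tool": BENIGN_README,
}
```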