
RisePro infostealer distributed in GitHub

Malicious GitHub repositories containing cracked software have been leveraged by threat actors to facilitate RisePro information-stealing malware delivery as part of the "gitgub" campaign, The Hacker News reports.

All 17 repositories used in the campaign, which GitHub has since removed, carried a README.md file that tried to establish legitimacy by including four green Unicode circles and that pointed to the same download link for a RAR archive, according to a report from G DATA. Opening the RAR archive with the password given in the README.md file would then run an installer carrying the next-stage payload, which eventually leads to RisePro infostealer injections, researchers said. The findings follow various reports detailing the increasing sophistication and prevalence of information-stealing malware: a Splunk study recently showed the "multi-faceted" data exfiltration capabilities of the Snake Keylogger, enabled by FTP use and Telegram integration, and a Specops report noted the dominance of the RedLine, Vidar, and Raccoon stealers.
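As an added defensive example (not from the article or from G DATA's report), the following Python heuristic flags README.md content that combines the lure traits described above: four green circle characters (assumed here to be U+1F7E2), a link to a .rar archive, and a stated archive password. The sample READMEs are constructed and the score threshold is an assumption.

```python
import re

# Heuristic for README.md content matching the lure described in the article:
# four green circle emoji used as a fake "verified" badge (assumed to be
# U+1F7E2), a link to a RAR archive, and an archive password stated in the
# README. Signals are counted so that one benign hit alone does not flag a repo.
GREEN_CIRCLE = "\U0001F7E2"
RAR_LINK_RE = re.compile(r"https?://[^\s)]+\.rar\b", re.IGNORECASE)
PASSWORD_RE = re.compile(r"\bpassword\b\s*[:=]?\s*\S+", re.IGNORECASE)


def readme_signals(text: str) -> dict:
    """Return which lure indicators are present in a README body."""
    return {
        "green_circles": text.count(GREEN_CIRCLE) >= 4,
        "rar_download": bool(RAR_LINK_RE.search(text)),
        "archive_password": bool(PASSWORD_RE.search(text)),
    }


def is_suspicious(text: str, min_hits: int = 2) -> bool:
    """Flag a README when at least min_hits indicators co-occur (threshold assumed)."""
    return sum(readme_signals(text).values()) >= min_hits


# Constructed sample READMEs (not taken from the real repositories).
LURE_README = (
    GREEN_CIRCLE * 4 + " Verified & tested\n"
    "Download: https://example.invalid/files/setup.rar\n"
    "Password: 1234\n"
)
BENIGN_README = "# mytool\n\nInstall with `pip install mytool`.\n"

if __name__ == "__main__":
    for name, body in (("lure", LURE_README), ("benign", BENIGN_README)):
        print(name, readme_signals(body), "suspicious" if is_suspicious(body) else "ok")
```

Running the heuristic over a fork's README files in a CI job or a repository-scanning script lets a defender triage repos that combine these traits before anyone downloads the archive.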
