"'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware"

The threat actor "Stargazer Goblin" has found a new way to use GitHub to spread malware and malicious links. Instead of hosting malware on GitHub and luring users to download an infected code package by clicking on a malicious link in a phishing email, the new tactic involves tricking victims into thinking that malicious repositories are legitimate through an operation involving thousands of fake accounts. Check Point Research (CPR) revealed that the adversary's goal is to run a malware Distribution-as-a-Service (DaaS) network dubbed "Stargazers Ghost Network," which currently has over 3,000 GitHub accounts. This article continues to discuss findings regarding Stargazer Goblin's operations.

Dark Reading reports "'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware"

Submitted by grigby1

Submitted by Gregory Rigby on