"Unsung GitHub Features Anchor Novel Hacker C2 Infrastructure"

Researchers have discovered a GitHub account abusing two different features of the website to host stage-two malware. Hackers are increasingly repurposing public services for their activities, housing malware in public code repositories or file-sharing services, and conducting command-and-control (C2) from messaging apps. They sometimes use Software-as-a-Service (SaaS) platforms in unexpected ways. A user by the name of "yeremyvalidslov2342" is continuing this tactic. The individual has been linked to multiple malicious packages identified by ReversingLabs on December 19. In order to sneak payloads past website administrators and victims, they hid their packages using two previously unexploited GitHub features: "gists" and commits. This article continues to discuss the new ways of abusing GitHub and how public services help hackers.

Dark Reading reports "Unsung GitHub Features Anchor Novel Hacker C2 Infrastructure"

Submitted by grigby1