• GitHub users targeted with dangerous malware attacks - here's what we know

    From TechnologyDaily@1337:1/100 to All on Fri Jul 18 15:45:06 2025
    GitHub users targeted with dangerous malware attacks - here's what we know

    Date:
    Fri, 18 Jul 2025 14:37:00 +0000

    Description:
    GitHub is being abused to host Emmenhtal, SmokeLoader, Amadey, and others, experts warn.

    FULL STORY ======================================================================
    GitHub is being weaponized as malware infrastructure, report warns
    Emmenhtal and Amadey are part of a coordinated, multi-layered attack chain
    Victims are mostly Ukrainian organizations, but all GitHub users should be on their guard

    Security researchers have uncovered a sophisticated malware-as-a-service (MaaS) operation which exploits public GitHub repositories to compromise its targets.

    In a blog post, Cisco Talos said the threat actors evolved their delivery tactics, moving away from traditional phishing methods and into GitHub, which is often whitelisted in enterprise environments.

    GitHub is an extremely popular platform in the open source world, and as such is under a constant barrage of attacks. This batch of malicious repositories was removed, just like countless before it.

    How to defend against GitHub-borne attacks

    The campaign sought to deliver two malware families - Emmenhtal and Amadey - mostly to organizations in Ukraine.

    Emmenhtal is a malware loader that usually drops SmokeLoader, another loader. While a loader loading a loader doesn't sound logical at first, there is a strategic rationale behind it.

    Emmenhtal is designed as a stealthy, multistage downloader that excels at initial infection and evasion. Once a foothold is secured, it hands off the next phase of the attack to SmokeLoader, which is a feature-rich modular loader specializing in post-infection operations.

    Amadey, on the other hand, is a botnet that was first spotted around 2018, mostly sold on Russian-speaking cybercrime forums. It acts as a modular downloader and system profiler, capable of delivering a wide range of malware including information stealers and ransomware.

    In this campaign, Amadey was hosted on GitHub and disguised in various ways, such as an MP4 file, or embedded in Python scripts like checkbalance.py.

    To defend against this, and other threats like it, businesses should enforce strict filtering for script-based attachments, keep a close eye on PowerShell execution, and review GitHub policies, wherever possible.

    They should also go for defense-in-depth and behavioral monitoring, as these can help spot shady download patterns, or payloads being executed on targeted machines.
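    The two defensive checks the article recommends, as an added example that is not part of the news story or Cisco Talos' research: flagging GitHub file downloads made by a scripting host such as PowerShell (the "shady download patterns" above), and spotting a payload named as a media file (the MP4 disguise above) by its executable header. The proxy log format, the user-agent strings, the client IPs and the file bytes are all constructed for illustration; only checkbalance.py comes from the article.

```python
"""Detection helpers for GitHub-hosted loader campaigns (constructed sample data)."""
import re
from urllib.parse import urlparse

# Real GitHub hosts that serve raw file content and release assets.
GITHUB_DOWNLOAD_HOSTS = {"raw.githubusercontent.com", "objects.githubusercontent.com", "github.com"}

# Constructed proxy log format: <timestamp> <client_ip> "<user_agent>" <url>
LOG_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+)$')

# User agents of scripting hosts; a browser or git client fetching code is expected,
# PowerShell or a Python downloader pulling files from GitHub is what the campaign did.
SCRIPT_AGENT_RE = re.compile(r"powershell|python-requests|curl|wget", re.I)


def is_github_download(url: str) -> bool:
    """True if the URL fetches a file (not a web page) from GitHub."""
    u = urlparse(url)
    if u.hostname not in GITHUB_DOWNLOAD_HOSTS:
        return False
    if u.hostname == "github.com":  # ordinary browsing; only these paths serve files
        return "/raw/" in u.path or "/releases/download/" in u.path
    return True


def flag_script_downloads(log_lines):
    """Return (client_ip, url) pairs where a scripting host downloaded a file from GitHub."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; skip rather than crash the scan
        _ts, client, agent, url = m.groups()
        if is_github_download(url) and SCRIPT_AGENT_RE.search(agent):
            hits.append((client, url))
    return hits


def looks_like_disguised_pe(filename: str, data: bytes) -> bool:
    """A file named as media but starting with the Windows PE 'MZ' header is a
    disguised executable; a real MP4 carries an 'ftyp' box at offset 4 instead."""
    media_ext = filename.lower().rsplit(".", 1)[-1] in {"mp4", "mp3", "jpg", "png", "gif"}
    return bool(media_ext and data[:2] == b"MZ")


SAMPLE_LOG = [  # constructed
    '2025-07-18T10:01:02Z 10.0.0.5 "Mozilla/5.0 (Windows NT 10.0) Firefox/128.0" https://github.com/org/repo',
    '2025-07-18T10:02:40Z 10.0.0.7 "Mozilla/5.0 (Windows NT 10.0) WindowsPowerShell/5.1" https://raw.githubusercontent.com/user/repo/main/checkbalance.py',
    '2025-07-18T10:03:11Z 10.0.0.7 "Mozilla/5.0 (Windows NT 10.0) WindowsPowerShell/5.1" https://github.com/user/repo/releases/download/v1/video.mp4',
    '2025-07-18T10:04:00Z 10.0.0.9 "git/2.45.0" https://github.com/org/repo.git/info/refs',
]

if __name__ == "__main__":
    for client, url in flag_script_downloads(SAMPLE_LOG):
        print(f"ALERT {client} fetched {url} via a scripting host")
    print(looks_like_disguised_pe("video.mp4", b"MZ\x90\x00" + b"\x00" * 60))  # True
```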



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/github-users-targeted-with-dangerous-malware-attacks-heres-what-we-know


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)