1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Lumma Stealer malware linked as project fixes in GitHub comments

    From TechnologyDaily@1337:1/100 to All on Mon Sep 2 14:15:06 2024
    Lumma Stealer malware linked as project fixes in GitHub comments

    Date:
    Mon, 02 Sep 2024 14:01:00 +0000

    Description:
    GitHub staff is hard at work removing tens of thousands of malicious comments.

    FULL STORY ======================================================================

    Cybercriminals have found yet another way to infect software developers with malware - through comments on GitHub projects.

    Whenever a developer uploads a project to GitHub, other community members can leave comments below. That way, the wider community can discuss spotting fallacies and vulnerabilities, potential improvements, different suggestions, and more.

    Someone found a way to leave comments on the platform en-masse, and is using the technique to try and trick the developers into downloading the Lumma Stealer. Deleting the comments

    As observed by BleepingComputer , there have been thousands of comments, all across the platform, saying pretty much the same thing: to fix your trouble check this fix, I see it in another issue, followed by a link from mediafire.com or bit.ly, to a password-protected archive. The archive
    contains Lumma Stealer, an infamous piece of malware capable of stealing all sorts of sensitive information, from credentials, to cryptocurrency wallet data, to browser information.

    It is often distributed through phishing campaigns, malicious attachments, or infected software downloads. In fact, last week security researchers from Mandiant warned that Lumma was being distributed through fake pirated movies online.

    Lumma is known for being stealthy, grabbing the files without being spotted
    by antivirus or antimalware tools. It is offered as a service, for a subscription fee ranging between $250 and $1,000.

    Apparently, the crooks left almost 30,000 comments across the platform, and while GitHubs admins responded by deleting as many comments as possible, some people already fell for the trick.

    GitHub is one of the worlds most popular platforms for software developers
    who build projects using Git. Last year, the platform reportedly had more
    than 100 million users, a figure which seems to be growing by the day. As such, GitHub is an extremely popular target for cybercriminals , who are always looking for new ways to sneak malware onto the platform. More from TechRadar Pro Watch out those movie downloads could actually just be vicious new Windows malware Here's a list of the best firewall software around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/lumma-stealer-malware-linked-as-project -fixes-in-github-comments


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)