A widespread cybercriminal operation has clandestinely inserted malicious code into over 130 open-source repositories on GitHub, disguising malware as tools and game cheats. The campaign employed automation, obfuscation, and social engineering, potentially impacting a broad range of users and the supply chain. #GitHubBackdoors #SakuraRAT
Key points
- A cybercriminal developer created over 130 malicious repositories on GitHub disguised as legitimate tools.
- The operation involved automated commits and layered obfuscation techniques to hide malware payloads.
- The malware hosted in these repositories primarily targeted novice hackers and gamers, with final payloads including Lumma Stealer and AsyncRAT.
- Researchers linked the campaign to a broader Distribution-as-a-Service (DaaS) model and suspect potential connections to past campaigns.
- Most compromised repositories have been reported and removed, but the threat highlights risks in open-source supply chains.
Read More: https://www.infosecurity-magazine.com/news/campaign-targets-cybercriminals/