The operation, run by an individual known as Stargazer Goblin, targets a wide range of users including social media enthusiasts, gamers, and cryptocurrency holders. Victims face severe consequences such as ransomware infections, stolen credentials, and compromised cryptocurrency wallets.
The network operates on a Distribution as a Service (DaaS) model, providing a platform for other threat actors to distribute various malware families, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine.
Researchers estimate that Stargazer Goblin has earned approximately $100,000 since August 2022, operating more than 3,000 GitHub ghost accounts. The network’s sophistication lies in its ability to make malicious repositories appear legitimate through actions like starring, forking, and subscribing.
Check Point Research suggests that this GitHub operation may be part of a larger DaaS universe spanning multiple platforms, including Twitter, YouTube, Discord, Twitch, and Instagram, potentially affecting a significantly greater number of users.
The discovery raises concerns about the security of open-source platforms and the need for increased vigilance among users. Check Point advises GitHub users to be cautious of links leading to repositories that provide executable download links, even from seemingly reputable sources.