
GitHub Comments Used to Spread Credential-Stealing Lumma Malware

GitHub comments are being exploited to spread Lumma Stealer malware. Over 29,000 deceptive comments tricked users into downloading malware disguised as code fixes.


GitHub is being leveraged as a distribution channel for Lumma Stealer malware via deceptive comments across various projects. More than 29,000 comments linked to malware were identified over a three-day period, with users being misled into downloading seemingly legitimate updates.

Malware Distribution Techniques

The comments direct users to download a password-protected archive from mediafire.com or through bit.ly links, where the password is “changeme”. The archive, named ‘fix.zip’, contains DLL files and an executable called x86_64-w64-ranlib.exe.

When run, this executable installs Lumma Stealer, designed to exfiltrate cookies, credentials, passwords, credit card details, and browsing history from browsers including Chrome, Edge, and Firefox. It may also target cryptocurrency wallets, private keys, and text files containing sensitive information.
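One way a repository maintainer could triage issue comments for the lure shape described above, as an added example that is not from the article, from GitHub or from any of the affected projects (the regular expressions, the constructed sample comments and the two-indicator threshold are my own assumptions):

```python
import re

# Indicators the article reports for this campaign: downloads hosted on
# mediafire.com or behind bit.ly links, an archive named fix.zip, the archive
# password "changeme", and the executable name inside the archive.
INDICATORS = {
    "hosting_link": re.compile(r"https?://(?:www\.)?(?:mediafire\.com|bit\.ly)/\S+", re.I),
    "archive_name": re.compile(r"\bfix\.zip\b", re.I),
    "archive_password": re.compile(r"\bpassword\b[^\n]{0,20}\bchangeme\b", re.I),
    "dropped_exe": re.compile(r"\bx86_64-w64-ranlib\.exe\b", re.I),
}


def score_comment(text: str) -> dict:
    """Return which campaign indicators a comment body matches."""
    return {name: bool(rx.search(text)) for name, rx in INDICATORS.items()}


def is_suspicious(text: str, min_hits: int = 2) -> bool:
    """Flag a comment when at least `min_hits` indicators co-occur.

    A lone shortened link is common in legitimate comments; the combination of
    an off-platform download with archive/password wording is the lure shape,
    so the threshold (an assumption) requires two independent indicators.
    """
    return sum(score_comment(text).values()) >= min_hits


def triage(comments: list) -> list:
    """Return the indices of comments that merit removal or manual review."""
    return [i for i, body in enumerate(comments) if is_suspicious(body)]


# Constructed sample comments (not real GitHub data) for demonstration.
SAMPLES = [
    "The fix is here: https://mediafire.com/file/abc/fix.zip password: changeme",
    "I rebased the PR, see https://bit.ly/3xyz for the notes.",
    "Works after upgrading to 1.4.2, thanks!",
]

if __name__ == "__main__":
    for idx in triage(SAMPLES):
        print(idx, score_comment(SAMPLES[idx]))
```

Only the first sample trips the threshold; the bare bit.ly link in the second is reported as a single hit so that ordinary shortened links are not flagged on their own.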

GitHub’s Countermeasures and User Impact

GitHub’s staff is actively removing these malicious comments as they are found, but some users have already fallen victim. Affected users are advised to change their passwords, ensuring each one is unique, and to move any cryptocurrency to new wallets. The issue gained attention when a contributor to the teloxide Rust library posted about it on Reddit. Further investigation by BleepingComputer demonstrated the attack’s wide reach, affecting multiple GitHub projects.

This is not an isolated event. Last month, Check Point Research reported a similar campaign by Stargazer Goblin threat actors, who used over 3,000 fake GitHub accounts for distributing malware. It is unclear whether the recent incidents are related or represent a new campaign by different attackers. The attacks emphasize the ongoing difficulties in protecting open-source platforms from sophisticated malware distribution methods.

Exploitation of Trust in Development Platforms

Cybercriminals are misusing GitHub’s commenting feature to distribute malware masked as legitimate code fixes. By posting on popular repositories, they include malicious links or code snippets that appear to be genuine. When developers or users click on these links or use the code, they inadvertently install malware on their systems.

Experts recommend that developers exercise caution when adding code from comments or external sources. Verifying the authenticity and safety of the code before integration is essential. Keeping security software updated and practicing good cybersecurity hygiene can help reduce the risk posed by such attacks.

Last Updated on November 7, 2024 3:00 pm CET

Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.
