Hackers known as “Stargazer Goblin” running a network called Stargazers Ghost Network have been distributing malware, in particular info-stealing malware via over 3,000 fake accounts on GitHub.
Over 3,000 GitHub accounts used by malware distribution service (bleepingcomputer.com)
Using these accounts, compromised WordPress websites and relying on GitHub’s reputation as trusted source of code, the threat actors have been succesfully distributing a range of malware to victims.
Your Takeaway
Is a company you are using to produce code for your organsaition – either apps, web apps or website functionality – using GitHub to source some of that code?
These articles will help you to understand the risks:
What do you know about your website?
How much are you relying on your web designer to protect your reputation?
Clive Catton MSc (Cyber Security) – by-line and other articles