Interesting social-engineering attack vector:
McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.
The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.
What this means is that someone can upload malware and “attach” it to a legitimate and trusted project.
As the file’s URL contains the name of the repository the comment was created in, and as almost every software company uses GitHub, this flaw can allow threat actors to develop extraordinarily crafty and trustworthy lures.
For example, a threat actor could upload a malware executable in NVIDIA’s driver installer repo that pretends to be a new driver fixing issues in a popular game. Or a threat actor could upload a file in a comment to the Google Chromium source code and pretend it’s a new test version of the web browser.
These URLs would also appear to belong to the company’s repositories, making them far more trustworthy.
More Stories
Prison for cybersecurity expert selling private videos from inside 400,000 homes
A Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private photos and videos from vulnerable...
Critical Vulnerabilities in Cinterion Modems Exposed
The flaws include CVE-2023-47610, a security weakness within the modem’s SUPL message handlers Read More
Mallox Ransomware Deployed Via MS-SQL Honeypot Attack
Analyzing Mallox samples, Sekoia identified two distinct affiliates using different approaches Read More
How to Stop Phone Spoofing
From impersonating police officers in Pennsylvania to employees of the City of San Antonio, scammers have been impersonating officials nationwide...
Ascension Ransomware Attack Diverts Ambulances, Delays Appointments
A ransomware attack on US private healthcare provider Ascension has disrupted patient care, with several hospitals currently on diversion Read...
How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich...