A malware Distribution-as-a-Service (DaaS) has been built by threat actors tracked as ‘Stargazer Goblin’. The service comprises over 3,000 fake GitHub accounts that are used to distribute information-stealing malware.
The delivery service, named the Stargazers Ghost Network, distributes password-protected archives containing malware via compromised WordPress sites and GitHub repositories. For the most part, the malware consists of infostealers, including RedLine, Lumma Stealer, Rhadamanthys, RisePro, and Atlantida Stealer.
People may be more inclined to click on links they find in GitHub repositories because GitHub is a well-known, trusted service that they are less likely to regard with suspicion.
The operation was discovered by Check Point Research, which claims that it is the first time that a scheme of this magnitude and organization has been documented on GitHub.
The Check Point Research report explains that the Stargazers Ghost Network’s campaigns, and the malware distributed through the service, are highly successful.
“Thousands of victims installed software from what appears to be a legitimate repository in a short period of time, without suspecting any malicious intent.” The infections are made even more valuable by the highly victim-oriented phishing templates, which let threat actors infect victims with specific profiles and online accounts.