GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure
May 20, 2024, 4:38 p.m.
Description
In recent research, Recorded Future's Insikt Group uncovered a sophisticated cybercriminal campaign run by Russian-speaking threat actors from the Commonwealth of Independent States (CIS). The actors used a GitHub profile to impersonate legitimate software applications such as 1Password, Bartender 5, and Pixelmator Pro, and distributed several malware families through it, including Atomic macOS Stealer (AMOS) and Vidar. The activity illustrates how trusted internet services are abused to stage attacks that steal personal information.
Date
- Created: May 20, 2024, 4:33 p.m.
- Published: May 20, 2024, 4:33 p.m.
- Modified: May 20, 2024, 4:38 p.m.
Indicators