New malware campaign in GitHub, accounts spreading malware using MediaFire
7 points by steveiliop56 on Aug 27, 2024 | 3 comments
Hello everyone,

There is a new malware campaign in GitHub where normal-looking accounts are posting messages looking like this:

Download www.mediafire.com/file/DONOTCLICKMEORCOPY password: changeme In the installer menu, select "gcc."

I personally received 3 of these on the same issue but luckily GitHub takes action immediately and deletes the accounts when you report them.



Same here on my issue tracker, seems to be GitHub-wide.

https://i.imgur.com/jJljJp8.png

They reply with the message to new issues, which makes their notification email look like a direct solution to the submitter's issue, so they'll probably catch out a lot of people...


Does anyone know what the malware does? I just saw this myself.


A sandbox service identifies it as Lumma Stealer, so it'll at least steal all your passwords, cookies and cryptocurrency, and then anything else after that is fair game too:

https://socradar.io/malware-analysis-lummac2-stealer/
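
A triage heuristic for the lure described in this thread, added here as an example and not part of any post: it flags issue comments that pair a file-host link with a password, and groups of link-only comments posted with the same text by several accounts on one issue. The comment fields (`id`, `issue`, `author`, `body`), the function names and the sample comments are assumptions constructed for illustration; only the mediafire.com host comes from the thread.

```python
import re
from collections import defaultdict

# Only mediafire.com comes from the thread; extend with hosts from your own reports.
LURE_HOSTS = {"mediafire.com"}
URL_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:/\S*)?", re.I)
PASSWORD_RE = re.compile(r"\bpass(?:word)?\s*[:=]\s*\S+", re.I)

def lure_signals(body):
    """Return which traits of the lure message appear in one comment body."""
    signals = set()
    for host in URL_RE.findall(body):
        host = host.lower()
        if any(host == h or host.endswith("." + h) for h in LURE_HOSTS):
            signals.add("file_host_link")
    if PASSWORD_RE.search(body):
        signals.add("archive_password")
    return signals

def skeleton(body):
    """Lower-cased text with URLs masked, so copies with different links compare equal."""
    return " ".join(URL_RE.sub("<url>", body.lower()).split())

def flag_comments(comments):
    """comments: dicts with id, issue, author, body. Returns sorted ids to review."""
    flagged, groups = set(), defaultdict(list)
    for c in comments:
        signals = lure_signals(c["body"])
        if {"file_host_link", "archive_password"} <= signals:
            flagged.add(c["id"])  # download link plus password: the core lure
        if "file_host_link" in signals:
            groups[(c["issue"], skeleton(c["body"]))].append(c)
    for group in groups.values():
        # The same text from several accounts on one issue, as the thread reports.
        if len({c["author"] for c in group}) >= 2:
            flagged.update(c["id"] for c in group)
    return sorted(flagged)

# Constructed sample comments (not real data); the link paths are placeholders.
SAMPLE = [
    {"id": 1, "issue": 7, "author": "acct-a",
     "body": 'Download www.mediafire.com/file/EXAMPLE1 password: changeme In the installer menu, select "gcc."'},
    {"id": 2, "issue": 7, "author": "acct-b", "body": "Fix here: https://www.mediafire.com/file/EXAMPLE2"},
    {"id": 3, "issue": 7, "author": "acct-c", "body": "fix here: www.mediafire.com/file/EXAMPLE3"},
    {"id": 4, "issue": 7, "author": "maintainer", "body": "Reset your password: see docs.example.org/reset"},
    {"id": 5, "issue": 9, "author": "user-d", "body": "Logs uploaded to www.mediafire.com/file/EXAMPLE4"},
]
```

`flag_comments(SAMPLE)` returns the ids of the three lure comments; the maintainer's password-reset reply and the lone file-host link from a single account are left alone.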



