Malware campaign targets open source developers on GitHub – [welivesecurity.com] – The malware, called Dimnie by Palo Alto researchers, is detected by ESET security products as VBA/TrojanDownloader.Agent.CLB. If it successfully manages to infect a target’s computer, the Trojan can spy upon the PC’s activity – logging keystrokes, taking screenshots, and stealing information. Someone unknown is now spying on the activities of a programmer working on open source software, potentially stealing their passwords and perhaps meddling with the open source code that is being published online. What makes this latest version of the Dimnie Trojan more sophisticated is its sophisticated methods of camouflaging its behaviour, in an attempt to avoid its suspicious data exfiltration being picked up by security products which might be running on the coder’s network. In a final flourish of panache, the Trojan is even capable of self-destructing, destroying evidence that it was ever present on the developer’s PC. Speculation is sure to mount as to the motivations of whoever is targeting developers who use GitHub, but it seems likely that the masterminds of this attack are doing so to gather information and perhaps steal credentials that could help them access other businesses for whom the developers may be working. Furthermore, we shouldn’t dismiss the possibility that the attackers are interested in secretly introducing weaknesses into coding projects under the guise of a trusted, legitimate programmer.
Southern Poverty Law Center
The Aboriginal Press News Service (APNS) is the international, non-partisan, not-for-profit, grassroots newswire of the Aboriginal News Group (ANG).
The Aboriginal News Group (ANG) seeks to support, educate and unify Indigenous bloggers & Indigenist Activists covering news information important to Original Peoples, First Nations communities and other ethnic-minorities subjected to discrimination, marginalisation, neoliberal exploitation racialism and genocide.
Error: Twitter did not respond. Please wait a few minutes and refresh this page.
Inteligenta Indigena Novajoservo™ (IIN) is produced by the Aboriginal Press News Service™ (APNS), and is an Internet publication of the Aboriginal News Group™ (ANG). All editorial text, posted news items and related post images employed within this newswire are published under a CC: Attribution-Noncommercial 3.0 license unless otherwise stated. Meaning, any fair dealing for the purposes of private study, research, criticism or the much needed elucidation of the Fourth World masses without monetary gain is duly permitted and encouraged provided credit is given where credit is due to all parties concerned. It is believed that this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. Accordingly, said material is distributed here without profit to those who have expressed a prior interest in receiving such information for research and/or educational purposes. This autonomous publication assumes no liability for the content and/or hyperlinked materials of any other website. Nor do we accept paid advertising, swag, or monetary donations. APNS-ANG and its affiliate orgs do not advocate, encourage or condone any type/form of illegal behaviour. All news material posted is provided for informational purposes only.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.