Malware campaign targets open source developers on GitHub

Malware campaign targets open source developers on GitHub – [welivesecurity.com] – The malware, called Dimnie by Palo Alto researchers, is detected by ESET security products as VBA/TrojanDownloader.Agent.CLB. If it successfully manages to infect a target’s computer, the Trojan can spy upon the PC’s activity – logging keystrokes, taking screenshots, and stealing information. Someone unknown is now spying on the activities of a programmer working on open source software, potentially stealing their passwords and perhaps meddling with the open source code that is being published online. What makes this latest version of the Dimnie Trojan more sophisticated is its sophisticated methods of camouflaging its behaviour, in an attempt to avoid its suspicious data exfiltration being picked up by security products which might be running on the coder’s network. In a final flourish of panache, the Trojan is even capable of self-destructing, destroying evidence that it was ever present on the developer’s PC. Speculation is sure to mount as to the motivations of whoever is targeting developers who use GitHub, but it seems likely that the masterminds of this attack are doing so to gather information and perhaps steal credentials that could help them access other businesses for whom the developers may be working. Furthermore, we shouldn’t dismiss the possibility that the attackers are interested in secretly introducing weaknesses into coding projects under the guise of a trusted, legitimate programmer.

Advertisements
IPNOT GLOBAL

We are a group of grassroots activists from all over the world. Palestine Unites Us. News about Palestine and its supporters worldwide

settler colonial studies blog

A blog for the advancement of settler colonial studies

Longreads

The best longform stories on the web

REVOLUTIONS IN MY SPACE: A BLOG BY RITA BANERJI

"In a time of universal deceit, to tell the truth is an act of revolution." ~ George Orwell

parallax

The view from here ... Or here!

Emanzipatorische Antifa Wuppertal

Antiautoritäre, Solidarisch, Antifaschistisch

The Campaign to Fight Toxic Prisons

organizing resistance at the intersection of mass incarceration and the environment

British prisons: a personal account

“ I don't like jail, they got the wrong kind of bars in there." Charles Bukowski

Shiraz Socialist

Because there have to be some lefties with a social life

Melbourne Antifascists

Touch One, Touch All

DISACCORDS

An anarchist news blotter following events in Oceania & South East Asia

Maruti Suzuki Workers Union

Inquilab Zindabad! Mazdoor Ekta Zindabad!

WORKING-CLASS STUDIES ASSOCIATION

The Working-Class Studies Association supports scholarship, teaching, and activism related to working-class life and cultures.

In Moscow's Shadows

Analysis and Assessment of Russian Crime and Security

thekooriwoman

Gomeroi. This is MY truth.

Secular Pakistan

No Talibanisation, 'Honour' Killings, Blasphemy Vendetta

Transform Society

A site that educates & inspires souls

Ahona

Mariam Zohra D