The initial payload downloaded from GitHub acted as a dropper, deploying two additional malware payloads. The second-stage malware collected system configuration details, including memory size, graphics specifications, screen resolution, operating system details, and user paths. The third-stage payloads varied but often included command-and-control (C2) functionalities, allowing attackers to download further malicious files, exfiltrate sensitive data, and evade security defenses.
The campaign’s complexity was marked by four to five layers of redirection, reinforcing the attackers’ ability to distribute various strains of malware designed to steal information, including stored browser credentials. Microsoft has since worked to remove the malicious GitHub repositories and provided security teams with indicators of compromise to aid in detecting and mitigating similar threats. This incident highlights the evolving tactics of cybercriminals and the need for proactive defenses against malvertising and supply chain exploits.
Source: The Register
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.