Researchers uncovered a GitHub code ring made up of 89 accounts promoting 73 repos that contain over 300 apps with backdoors (via DFIR.it).
[Cellebrite Hacking Tool Sells on eBay for $100]
Don’t miss the best of The Mac Observer
Set us as a preferred source and our Apple reporting ranks higher in your Google Search results and Discover feed — one tap, no account changes.
Backdoored Apps
The malicious apps had code that let them stay on infected computers and survive restarts, as well as an ability to download more malicious code. The GitHub accounts promoted apps and software libraries for Windows, macOS, and Linux.
In one sample, one of the apps downloaded a Java-based “sneaker bot” named Supreme NYC Blaze Bot (supremebot.exe). A sneaker bot is malware that adds infected computers to a botnet where they all participate in online auctions for limited edition sneakers.
The GitHub code ring has been taken down, with the accounts being used to watch the repositories and help boost their popularity in GitHub’s search results.
Discussion