- McAfee researchers find number of malicious GitHub repositories
- The repositories change every week, but always promise game cracks, hacks, or free access to commercial software
- But instead of the cracks, the victims get infected with Lumma Stealer
Cybercriminals are using GitHub to target children with infostealing malware, a new McAfee report has claimed, saying it spotted an ongoing malicious campaign on the popular code repository.
In an analysis, the researchers said they observed many repositories pretending to be game hacks, cracks, or free versions of otherwise commercial software. However, instead of providing these programs, the repositories were actually hosting Lumma Stealer, a known infostealer malware.
“McAfee Labs encountered multiple repositories, offering game hacks for top-selling video games such as Apex Legends, Minecraft, Counter Strike 2.0, Roblox, Valorant, Fortnite, Call of Duty, GTA V and or offering cracked versions of popular software and services, such as Spotify Premium, FL Studio, Adobe Express, SketchUp Pro, Xbox Game Pass, and Discord to name a few,” the researchers said.
Disabling the AV
This “network of repositories”, as McAfee described it, changes the description every week, and creates new repositories, since the old ones get flagged and removed by GitHub. The payload, however, always remains the same.
“These repositories also include distribution licenses and software screenshots to enhance their appearance of legitimacy,” McAfee concluded.
The descriptions also contain instructions on how to download and run the malware, and how to disable any antivirus programs on the computer, before running it. The attackers said that antivirus solutions flag these programs as false-positives, and can safely be ignored.
McAfee says this social engineering technique, combined with the trust GitHub enjoys with its users works well, and that the campaign infected many users. The researchers did not share any numbers, but stressed that the targets are mostly on the younger side:
“Children are frequently targeted by such scams, as malware authors exploit their interest in game hacks by highlighting potential features and benefits, making it easier to infect more systems.”
