A recently exposed cybercrime operation, attributed to a threat actor dubbed “Stargazer Goblin”, uses the popular platform GitHub to distribute malware through a network of over 3000 fake accounts. The actor behind this operation has built a Distribution-as-a-Service (DaaS) platform that generates significant profits at the expense of unsuspecting victims.
The network has been active in some preliminary form since August 2022, although an advertisement for the DaaS wasn’t spotted on the dark web until early July 2023.
The threat group uses a relatively small number of these accounts to distribute the malware and malicious links; the remaining accounts exist to make the rogue repositories appear legitimate, giving them a veneer of innocence.
Thousands of fake GitHub accounts are created and kept active to mimic legitimate users, and together they form a complex web of repositories containing malicious links or malware.
The threat actor manipulates GitHub’s social features, such as starring, forking, and following, so that the fake accounts and their repositories look trustworthy.
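As an added example (not from the original article and not from the researchers who exposed the operation), the following Python heuristic scores a repository’s stargazers for the star-farming pattern described above: a high share of freshly created accounts with no repositories or followers, and stars landing in a tight time burst. The stargazer records, thresholds and account names are constructed assumptions, not real GitHub data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Stargazer:
    login: str
    created_at: datetime   # account creation time
    starred_at: datetime   # when this account starred the repository
    public_repos: int
    followers: int

MAX_AGE_DAYS = 30                   # assumed threshold: account younger than this at star time is "fresh"
BURST_WINDOW = timedelta(hours=24)  # assumed window for detecting a burst of stars

def is_fresh_account(s: Stargazer) -> bool:
    """Throwaway-looking account: created shortly before starring, no repos, no followers."""
    age = s.starred_at - s.created_at
    return age < timedelta(days=MAX_AGE_DAYS) and s.public_repos == 0 and s.followers == 0

def burst_ratio(stargazers) -> float:
    """Largest share of all stars that landed inside any single 24-hour window."""
    times = sorted(s.starred_at for s in stargazers)
    best, j = 0, 0
    for i, t in enumerate(times):
        while times[j] < t - BURST_WINDOW:   # slide the window start forward
            j += 1
        best = max(best, i - j + 1)
    return best / len(times)

def assess_repo(stargazers, fresh_threshold=0.6, burst_threshold=0.5) -> dict:
    """Flag a repository whose stars look farmed rather than organically earned."""
    if not stargazers:
        return {"fresh_ratio": 0.0, "burst_ratio": 0.0, "flagged": False}
    fresh = sum(is_fresh_account(s) for s in stargazers) / len(stargazers)
    burst = burst_ratio(stargazers)
    return {"fresh_ratio": fresh, "burst_ratio": burst,
            "flagged": fresh >= fresh_threshold and burst >= burst_threshold}

# Constructed sample data (not real accounts): eight three-day-old empty accounts
# star within 70 minutes, padded by two genuine long-lived accounts.
T0 = datetime(2024, 3, 1, 12, 0)
FARMED = [Stargazer(f"user{i:03d}", T0 - timedelta(days=3), T0 + timedelta(minutes=10 * i), 0, 0)
          for i in range(8)] + [
    Stargazer("longtime_dev", T0 - timedelta(days=2000), T0 - timedelta(days=40), 25, 120),
    Stargazer("another_dev", T0 - timedelta(days=900), T0 + timedelta(days=20), 7, 30),
]
# Constructed organic pattern: established accounts starring over several months.
ORGANIC = [Stargazer(f"dev{i}", T0 - timedelta(days=400 + 50 * i), T0 + timedelta(days=9 * i), 3 + i, 10 * i)
           for i in range(10)]
```

Running `assess_repo(FARMED)` flags the repository (80% fresh accounts, 80% of stars inside one day), while `assess_repo(ORGANIC)` does not.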
Stargazer Goblin has turned this scheme into a profit machine: other cybercriminals pay to use the network to distribute their own malware. The operator behind it has earned over $100,000 in the past year alone, underscoring the financial impact of cybercrime.
This incident serves as a reminder of the evolving landscape of cyber threats. We can keep ourselves safe by treating unsolicited links with caution, even when they appear to come from trusted sources, and by ensuring that our operating systems and software are updated with the latest security patches. Doing so reduces the risk of falling victim to malicious schemes.
Knowledge and awareness are crucial in the fight against cybercrime.