Lumma Stealer malware linked as project fixes in GitHub comments

Cybercriminals have found yet another way to infect software developers with malware – through comments on GitHub projects.

Whenever a developer uploads a project to GitHub, other community members can leave comments below. That way, the wider community can discuss spotting fallacies and vulnerabilities, potential improvements, different suggestions, and more.

Someone found a way to leave comments on the platform en-masse, and is using the technique to try and trick the developers into downloading the Lumma Stealer.

As observed by BleepingComputer, there have been thousands of comments, all across the platform, saying pretty much the same thing: “to fix your trouble check this fix, I see it in another issue,” followed by a link from mediafire.com or bit.ly, to a password-protected archive. The archive contains Lumma Stealer, an infamous piece of malware capable of stealing all sorts of sensitive information, from credentials, to cryptocurrency wallet data, to browser information.

It is often distributed through phishing campaigns, malicious attachments, or infected software downloads. In fact, last week security researchers from Mandiant warned that Lumma was being distributed through fake pirated movies online.

Lumma is known for being stealthy, grabbing the files without being spotted by antivirus or antimalware tools. It is offered as a service, for a subscription fee ranging between $250 and $1,000.

Apparently, the crooks left almost 30,000 comments across the platform, and while GitHub’s admins responded by deleting as many comments as possible, some people already fell for the trick.

GitHub is one of the world’s most popular platforms for software developers who build projects using Git. Last year, the platform reportedly had more than 100 million users, a figure which seems to be growing by the day. As such, GitHub is an extremely popular target for cybercriminals, who are always looking for new ways to sneak malware onto the platform.

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/2viAsX89eJReYQEQ3i3SwH-1200-80.jpg

Source link

NYT Connections today — hints and answers for Monday, September 30 (game #477)

NYT Strands today — hints, answers and spangram for Monday, September 30 (game #211)

Quordle today – hints and answers for Monday, September 30 (game #980)

I used this AI-powered workout app for an entire year – here’s 5 things I learned

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Asia shares dragged by Nikkei, China keeps rallying By Reuters

Reviving China’s stock market helps economic recovery, China Sec Journal says By Reuters

nikkei today: Japan’s Nikkei plunges 4% on stronger yen after Ishiba win

New Zealand reclaims record for largest haka dance By Reuters

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Lumma Stealer malware linked as project fixes in GitHub comments

Asia shares dragged by Nikkei, China keeps rallying By Reuters

Reviving China’s stock market helps economic recovery, China Sec Journal says By Reuters

nikkei today: Japan’s Nikkei plunges 4% on stronger yen after Ishiba win

New Zealand reclaims record for largest haka dance By Reuters

Leave a reply Cancel reply