Cybersecurity researchers at Check Point Research have uncovered a malicious network on GitHub, dubbed the “Stargazers Ghost Network.”
This network, which has been operating under the radar, utilizes a complex system of fake accounts and repositories to distribute malware and phishing links.
The network has been active since at least January 2024 and has already infected over 1,300 victims with a new malware family known as “Atlantida stealer.”
This malware is designed to steal user credentials, cryptocurrency wallets, and other sensitive information.
Stargazers Ghost Network Operation
The Stargazers Ghost Network operates by creating fake GitHub accounts that appear legitimate, with some even having many “stars” and “followers.”
- Over 2,200 malicious repositories discovered on GitHub
- Over 1,300 victims infected with Atlantida stealer malware
- Network uses sophisticated automation and fake accounts to maintain operations
- Malware uses PowerShell scripts and .NET injectors to infect victims’ computers
- Stolen information includes login credentials, cryptocurrency wallets, and browser data
These accounts are used to distribute phishing links and malware, which are often disguised as legitimate software or tools.
The researchers found that the network uses a sophisticated system of automation to maintain its operations, with different accounts having different “roles” to minimize damage in case of detection.
The network also uses password-protected archives to hide malicious activities from scanning solutions.
The Atlantida stealer malware, distributed by the network, uses a complex system of PowerShell scripts and .NET injectors to infect victims’ computers. Once infected, the malware can steal sensitive information, including login credentials, cryptocurrency wallets, and browser data.
The researchers believe the Stargazers Ghost Network is just the tip of the iceberg, with many more malicious networks operating on GitHub and other platforms.
They urge users to be cautious when downloading software or clicking on links from unknown sources.
Recommendations:
- Be cautious when downloading software or clicking on links from unknown sources
- Use reputable antivirus software to scan for malware
- Regularly update software and operating systems to prevent vulnerabilities
- Use strong passwords and enable two-factor authentication to prevent unauthorized access
The discovery of the Stargazers Ghost Network highlights the importance of cybersecurity awareness and the need for users to be vigilant when using online platforms. By taking the necessary precautions, users can protect themselves from falling victim to these types of malicious networks.
Download Free Cybersecurity Planning Checklist 2024 (PDF) – Download Here
