Targeted Malware Takes Aim At GitHub Developers

Researchers have discovered malware targeting developers using the GitHub repository in a targeted campaign that seeks to steal information and passwords.

The campaign, to which computer security researchers Palo Alto Networks were first alerted in January, puts individual developers at risk, and could also indicate that attackers are looking to manipulate software projects.

Flying under the radar

While the attackers user typical email phishing tactics to infect targets, the malware is unusual in that it appears to have been around since at least early 2014, but has avoided coming to the attention of researchers until now, Palo Alto said.

That’s in part because it previously targeted only Russian-speaking individuals, and is also due to its use of tactics that disguise its communications to avoid detection.

“During its lifespan, it appears to have undergone few changes and its stealthy command and control methods combined with a previously Russian focused target base has allowed it to fly under the radar up until this most recent campaign,” Palo Alto said in an advisory.

The malware, called Dimnie, is capable of downloading a variety of modules enabling different types of reconnaissance data theft, including keylogging and screenshots.

Dimnie camouflages the module downloads and injects them into the memory core Windows processes, making analysis difficult.

Camouflage

The traffic used to send data to attackers is also camouflaged, although less expertly than that of the module downloads, according to the researchers.

Furthermore, the malware is capable of self-destructing, meaning those affected might never discover it had ever been present on their systems.

Palo Alto warned developers to avoid opening suspicious email attachments.

Security expert Graham Cluley said the malware campaign appears to be aimed at stealing information from businesses.

“It seems likely that the masterminds of this attack are doing so to gather information and perhaps steal credentials that could help them access other businesses for whom the developers may be working,” he wrote in a blog post.

He said it is also possible the attackers may be looking to secretly introduce weaknesses into coding projects.

“These targeted attacks are a healthy reminder to all computer users – however technical – that they should always think twice about clicking on unsolicited attachments.”

Do you know all about security in 2017? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Intel, AWS To Collaborate On AI Chip In Major Win

AWS to work with Intel on designing, manufacturing AI data centre chip in significant win…

23 hours ago

Intel ‘Lost PlayStation 6 Chip Bid To AMD’

Intel reportedly lost bid to design, manufacture PlayStation 6 processor to AMD in blow to…

23 hours ago

US Sanctions Commercial Spyware Group

US issues new sanctions on Intellexa, Greece-based company founded by former Israeli military office, over…

24 hours ago

Pioneering Researcher Raises $230m For ‘Spatial’ AI Start-Up

Pioneering AI researcher Li Feifei raises $230m in venture funding for World Labs, with valuation…

1 day ago

China ‘Closing Gap’ With West In AI

China rapidly closing gap with US and West on artificial intelligence and other areas, while…

1 day ago

China Touts ‘Significant’ Advances In Chipmaking Tools

China's technology ministry says two upcoming chip manufacturing tools made 'significant breakthroughs', but still lag…

1 day ago