A new malware campaign, targeting finance and insurance sectors, is using infected GitHub repositories to distribute the Remcos remote access trojan (RAT).

GitHub is an online platform which allows software developers to store and share code online. It’s like an online hard drive, but one which is specifically dedicated to coding projects. It’s main use is to foster collaboration between developers and track changes in their code as it evolves. However, as it’s a trusted source, it makes it the perfect target for hackers. On this occasion, the threat actors haven’t been starting malicious repositories. Instead, they’ve been taking advantage of the comments section in legitimate repositories.

The Dangers of GitHub Comments

The GitHub attack in question appears to be targeting genuine open-source repositories, with those affected including HMRC, Inland Revenue, and UsTaxes. These are well-known and trusted repositories. Users wouldn’t expect to be infected by malware visiting these, whereas lesser known and newer repositories pose more of an obvious risk. So, how are the threat actors compromising these accounts? Well, they’re uploading malware files into the comments section.

Although the comment is deleted, the link to file stays in place. Phishing emails are then used to redirect users to the infected link on GitHub. Again, as GitHub is a genuine, trusted platform, these phishing emails are not detected as being suspicious. This puts the recipient at risk of unknowingly downloading and executing the Remcos RAT. This RAT allows threat actors to remotely take control of an infected PC. From here, they can steal your data, execute further commands on your system, and monitor all your activity. This makes the attack highly dangerous and follows in the footsteps of numerous GitHub attacks in the last year.

Staying Safe from Malicious Comments

Your employees may not have anything to do with software development, but the Remcos RAT relies on phishing techniques which could easily deceive them. Therefore, you need to ensure your employees stay safe from this innovative threat. The best way to achieve this is by following these best practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.


Leave a Comment