GitHub is a popular code repository used by almost all software developers. Anyone can use it to share code with practically anyone interested. Unfortunately, not every GitHub user is trustworthy. The platform has, in fact, been used to host malware at least a couple of times.
In March 2018, for instance, cybercriminals hosted cryptocurrency mining malware on GitHub. More recently, a researcher reportedly used the repository to host several malicious projects. WhoisXML API threat researcher Dancho Danchev took a closer look at one such campaign using six domains and subdomains as jump-off points.
Danchev’s findings led to the discovery of:
- More than 90 active IP resolutions of the domains and subdomains identified as indicators of compromise (IoCs), four of which were…