Cryptojacking Campaign Alert! GitHub Account and Unofficial GitHub CDN Removed

GitHub Attacked

Cyber miscreants have inclined to GitHub and GitHub-related services to stealthily distribute cryptocurrency mining malware without user consent.
Git is a tool, a revision control system to manage source code history. Git stores this information in a data structure called repository. GitHub is a static site hosting service of Git repository that aims to manage project or set of files, personal and organization pages.GitHub CDN Deleted
Cryptocurrency mining malware are developed to take over computers’ resources and harness the system’s processing power to generate revenue. According to the researches by renowned cyber security companies, a single cryptocurrency mining botnet (collection of internet- connected devices like PCs, mobiles, servers etc infected with the common type of malware without user knowledge) can earn up to $30,000 per month to its developers.
Many cryptojacking campaigns have been identified in the past months that left GitHub attacked . For instance, forking random projects on GitHub and hiding malicious executable in the directory structure of these projects has been a common practice since long.
When crooks discovered that their malicious tactics have been discovered and combated by security researchers, they devised a new approach that used GitHub-related services instead.

What is RawGit?

Developers have found a new deceitful way to mine cryptocurriences via RawGit. RawGit is a web app that acts as a caching proxy for GitHub files. It is an unofficial Github service that is used to serve requested files from GitHub repositories to externally hosted CDN.
RawGit forwards user requests to GitHub, caches the responses, and relays them to your browser. The caching layer ensures that that GitHub has minimal load and provides quick and easy access to files directly from GitHub repository.

How is RawGit CDN used to spread Cryptocurrency mining malware?

In recent cryptojacking operation Cybercriminals upload Cryptocurrency mining malware script on GitHub account named jdobt and then cached the raw file using RawGit. They then left the GitHub attacked by deleting the original account to remove evidences.
The malicious code was then embedded on hacked sites using RawGit URL, a domain that is usually considered to be authentic and hence not susceptible to additional security software scans.
Moreover, RawGit URLs with a reference to these malicious files existed even after being removed from GitHub, making it a preferable choice over direct links to GitHub.
The technique, cleverly planned to abuse RawGit URLs – is a service known only to web developers who use this service for personal testing or for sharing temporary demos with few people during development.

RawGit’s Abuse ends in vain 

GitHub CDN Deleted
The attempt to abuse RawGit turns out to be a huge fail as:
Read Full News:- Click hear

Comments

Post a Comment

Popular posts from this blog

How to Remove Search.newtabtvsearch.com or NewTabTV Redirect?

Image
Search.newtabtvsearch.com is a nasty browser hijacker that hijacks your browser to alter its homepage and new tab functionality. Besides that, it displays constant banners, pop-ups and annoying ads to diminish your overall browsing experience. What is Search.newtabtvsearch.com Redirect? Search.newtabtvsearch.com or Newtab-TV Redirect is a browser hijacker presented in the form of suspicious search engine. This search engine has been developed by Imali Media Ltd. and the company claims that the application let the users watch television, news and their favorite shows on their PC. It will replace the page you see when opening a new tab as given in the image below: Upon installation, Search.newtabtvsearch.com will present its search results to the user through http://search.yahoo.com. Browser extensions like Newtab-TV get installed as a result of software bundling along with free software or applications which the user download off the internet. Threat Summary   ...
Read more

How to remove Speedtest-guide.com redirect from your system

Image
Guide to Remove Speedtest-guide.com redirect Speedtest-guide.com redirect is a nasty browser hijacker that changes the default browser settings such as home-page, search engine & new tab functionality. In addition to that, it displays annoying ads & causes infuriating redirects to dubious sites, thus deteriorating the web-browsing experience. This rogue browser redirector claims to be a free tool that can be used to test Internet speed & customize the web search. It also enables the users to keep a track of the previous tests & access speed boosting tips. While Speedtest-guide.com appears to be a useful & legit application, the users have reported of its questionable behavior. Firstly, to operate on a system, it requires modifying the browser settings without user’s permission. It does so to promote a fake search engine - Speedtest-guide.com. It causes unnecessary browser redirects & possesses the capability of tracking down user’s online ...
Read more

Tampermonkey Chrome Extension Blacklisted by the popular Web Browser Opera

Image
Chrome Web Store is facing an uphill battle from the last few years for hosting malevolent add-ons that claim to enhance your web browser capabilities. Tampermonkey, the widely used free browser extension known to manage user scripts & offer valuable features to improve user’s browsing experience has been declared malicious by the infamous Opera web Browser. So if you have installed  Tampermonkey 4.7.54  extension from Chrome web Store in Opera Browser & using it, you will be alerted by the warning: Opera has blacklisted one of your extensions, and we’ve blocked it for your safety. Go to the extensions manager for more details The popular user script manager extension, Tampermonkey has over 10 million users & is available for all the popular browsers including Chrome, Safari, Opera, Firefox & Microsoft Edge. The distinctive attributes offered by the extension include: Clear Overview over the running scripts. ZIP- based import & export A built-in e...
Read more