GitHub Code Ring Promotes Over 300 Apps With Backdoors

example of computer code

Researchers uncovered a GitHub code ring made up of 89 accounts promoting 73 repos that contain over 300 apps with backdoors (via DFIR.it).

[Cellebrite Hacking Tool Sells on eBay for $100]

Backdoored Apps

The malicious apps had code that let them stay on infected computers and survive restarts, as well as an ability to download more malicious code. The GitHub accounts promoted apps and software libraries for Windows, macOS, and Linux.

github code ring virustotal screenshot
Testing a file with VirusTotal. Credit: DFIR.it

In one sample, one of the apps downloaded a Java-based “sneaker bot” named Supreme NYC Blaze Bot (supremebot.exe). A sneaker bot is malware that adds infected computers to a botnet where they all participate in online auctions for limited edition sneakers.

The GitHub code ring has been taken down, with the accounts being used to watch the repositories and help boost their popularity in GitHub’s search results.

[Teen gets Probation for Hacking into Apple Servers]

Photo by Henri L. on Unsplash

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.