Microsoft-owned GitHub is haunted by ghost accounts spreading malware
Check Point Research has uncovered a network of GitHub accounts, dubbed the "Stargazers Ghost Network," that distributes malware via phishing repositories. This sophisticated operation, tracked under the name "Stargazer Goblin," acts as a Distribution as a Service (DaaS) model, allowing threat actors to share malicious links and software.
The network consists of over 3,000 active accounts that perform activities such as starring, forking, and subscribing to malicious repositories to make them appear legitimate. This tactic helps lure victims into downloading malware. The types of malware distributed include Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine.