Hiding in GitHub
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
An AMOS malware campaign has been discovered using GitHub repositories to distribute malicious files. The attackers built a fake Ledger Live app that prompts users to enter their secret phrases, which are then exfiltrated. The malware uses obfuscation techniques, including base64 encoding and custom XOR operations. The campaign targets cryptocurrency users, specifically those using hardware wallets. The malware is distributed as DMG files and ZIP archives containing both x64 and ARM64 builds of AMOS. The attackers use multiple domains for command and control, and the malware checks whether it is running in a virtual environment.
OPENCTI LABELS:
amos,stealer,macos,obfuscation,cryptocurrency,github,ledger,hardware-wallet