The strange tale of ischhfd83: When cybercriminals eat their own

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

This investigation uncovered a large-scale campaign involving backdoored GitHub repositories targeting game cheaters and inexperienced cybercriminals. The threat actor, possibly linked to a Distribution-as-a-Service operation, uses multiple types of backdoors and a convoluted infection chain leading to RATs and infostealers. The campaign involves automated commits, obfuscation techniques, and complex payloads. Researchers found over 100 malicious repositories with distinct contributor roles, suggesting an automated framework. The eventual payload includes AsyncRAT, Remcos, and Lumma Stealer. The threat actor uses Telegram for notifications and various paste sites for hosting malicious code. This case highlights the complexity of modern cyber threats and the importance of cautious approaches to open-source repositories.

OPENCTI LABELS:

backdoor,rat,infostealer,telegram,obfuscation,remcos,asyncrat,lumma stealer,github

