Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer | Cybersecurity

Mar 16, 2024. Newsroom. Malware / Cybercrime.

Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro.

The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned subsidiary.

“The repositories look similar, featuring a README.md file with the promise of free cracked software,” the German cybersecurity company said.

“Green and red circles are commonly used on Github to display the status of automatic builds. Gitgub threat actors added four green Unicode circles to their README.md that pretend to display a status alongside a current date and provide a sense of legitimacy and recency.”

Each of the 17 repositories pointed to a download link (“digitalxnetwork[.]com”) hosting a RAR archive file.

The RAR archive, which requires the victims to supply a password mentioned in the repository’s README.md file, contains an installer file, which unpacks the next-stage payload, an executable file that’s inflated to 699 MB in an effort to crash analysis tools like IDA Pro.

The actual contents of the file – amounting to a mere 3.43 MB – act as a loader to inject RisePro (version 1.6) into either AppLaunch.exe or RegAsm.exe.
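As an added defender-side example (not from G DATA or the article), a triage check for the inflation trick described above: it measures how much of a file is single-byte filler, so a 699 MB executable carrying only a few MB of real content stands out before it is ever opened in a disassembler. The chunk size, thresholds and sample data are constructed assumptions, not values from the campaign.

```python
from dataclasses import dataclass

CHUNK = 4096  # analysis granularity; filler runs in inflated binaries are far larger


@dataclass
class PaddingProfile:
    total_size: int
    padded_bytes: int

    @property
    def effective_size(self) -> int:
        return self.total_size - self.padded_bytes

    @property
    def padding_ratio(self) -> float:
        return self.padded_bytes / self.total_size if self.total_size else 0.0


def _profile_chunks(chunks) -> PaddingProfile:
    total = padded = 0
    for block in chunks:
        total += len(block)
        # A block that is one byte value repeated (0x00 or any other) carries no content.
        if block and block == block[:1] * len(block):
            padded += len(block)
    return PaddingProfile(total, padded)


def padding_profile(data: bytes, chunk: int = CHUNK) -> PaddingProfile:
    """Profile an in-memory file image."""
    return _profile_chunks(data[i:i + chunk] for i in range(0, len(data), chunk))


def padding_profile_from_stream(fh, chunk: int = CHUNK) -> PaddingProfile:
    """Stream from an open binary file so a 699 MB sample never has to fit in memory."""
    return _profile_chunks(iter(lambda: fh.read(chunk), b""))


def looks_inflated(profile: PaddingProfile, min_total: int, min_ratio: float = 0.9) -> bool:
    """Triage rule: a large file whose bulk is filler (the page's sample is over 99% filler)."""
    return profile.total_size >= min_total and profile.padding_ratio >= min_ratio


def build_samples() -> tuple:
    """Constructed data, not from the campaign: 100 KiB of varied bytes, alone and with 4 MiB of zeros."""
    content = bytes(range(256)) * 400  # 102_400 bytes = 25 whole chunks, 256 values each
    return content + b"\x00" * (4 * 1024 * 1024), content


if __name__ == "__main__":
    inflated, clean = build_samples()
    for name, blob in (("inflated", inflated), ("clean", clean)):
        p = padding_profile(blob)
        print(f"{name}: {p.effective_size} real of {p.total_size} bytes, "
              f"{p.padding_ratio:.1%} filler, flagged={looks_inflated(p, 1024 * 1024)}")
```

Legitimate binaries with large zero-filled resources can also score high, so treat a hit as a reason to look closer (and to strip the filler before handing the file to analysis tooling), not as a verdict on its own.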

RisePro burst into the spotlight in late 2022 when it was distributed using a pay-per-install (PPI) malware downloader…

read more thehackernews.com
