
[wlug] Researchers Uncover Ring of GitHub Accounts Promoting 300+ Backdoored Apps

Peter Reutemann fracpete@w...
Wed Mar 6 09:20:56 NZDT 2019

'A security researcher has uncovered a ring of malicious GitHub
accounts promoting over 300 backdoored Windows, Mac, and Linux
applications and software libraries. The malicious apps contained code
to gain boot persistence on infected systems and later download other
malicious code -- which appeared to be a "sneaker bot," a piece of
malware that would add infected systems to a botnet that would later
participate in online auctions for limited edition sneakers.

All the GitHub accounts that were hosting these files -- backdoored
versions of legitimate apps -- have now been taken down. One account,
in particular, registered in the name of Andrew Dunkins, hosted 305
backdoored ELF binaries. Another 73 apps were hosted across 88 other
accounts.'

-- source:

Cheers, Peter
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174

NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.
