Researchers Unveil Sophisticated Malicious Operation on GitHub: Stargazers Ghost Network Targeting Gamers, Social Media Enthusiasts, and Crypto Holders

Researchers from Check Point have uncovered a sophisticated malicious operation on GitHub, unlike anything seen before. The phishing ring, known as Stargazers Ghost Network, is targeting gamers, social media enthusiasts, and crypto holders through malicious repositories.

GitHub, owned by Microsoft, is a vital platform for software developers with over 100 million users and 420 million repositories. Phishers are taking advantage of this by creating fake accounts and repositories to distribute malware and malicious links.

The network operator behind this operation, identified as “Stargazer Goblin,” was discovered through dark web ads in June 2023. The network’s sophistication lies in its ability to make malicious repositories appear legitimate by using actions like starring, forking, and subscribing.

Fake accounts are used to own repositories with malicious links, boost them with other fake accounts, and release malicious repositories. The network targets specific victims based on their interests, including social media, gaming, and cryptocurrency.

Researchers warn that the threat actor behind this operation can have a significant impact by spreading ransomware infections, stealing credentials, or compromising crypto wallets. The network has already earned around $8,000 in less than a month and could have made over $100,000 since August 2022.

The network operates a Distribution as a Service (DaaS) model, distributing various types of malware. Researchers believe that GitHub Ghost accounts are just the beginning and that similar accounts may be operating on other platforms like Twitter, YouTube, and Instagram. Users across all platforms should be cautious of any links containing executables to avoid falling victim to malware attacks.