Cybersecurity researchers have uncovered a sophisticated malware distribution network operating under the moniker “Stargazer Goblin.” This malicious entity has leveraged over 3,000 compromised and fake GitHub accounts to distribute a variety of information-stealing malware, including Atlantida Stealer, Lumma Stealer, Rhadamanthys, RisePro, and RedLine.
The network, dubbed the “Stargazers Ghost Network,” has been active since at least August 2022, according to Check Point Research. The threat actors behind this operation have created a complex infrastructure, utilizing GitHub repositories as a platform to host malicious code disguised as legitimate software.
To enhance the legitimacy of these malicious repositories, Stargazer Goblin has engaged in a systematic process of starring, forking, and subscribing to other repositories within the network, creating a web of interconnected accounts. This tactic aims to manipulate GitHub’s algorithms and increase the visibility of malicious content in search results.
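As an added illustration (not code from the article or from Check Point's report): one heuristic a defender could run over stargazer metadata to surface the mutual starring pattern described above. The account records, repositories, and thresholds below are constructed assumptions for the example, not real identifiers.

```python
from datetime import date
from typing import Dict, List, Tuple

# Constructed sample account metadata keyed by login (assumed fields, not real users).
ACCOUNTS: Dict[str, dict] = {
    "dev-alice": {"created": date(2016, 3, 1), "public_repos": 42, "followers": 120},
    "dev-bob":   {"created": date(2018, 7, 9), "public_repos": 17, "followers": 30},
    "ghost01":   {"created": date(2024, 5, 2), "public_repos": 1,  "followers": 0},
    "ghost02":   {"created": date(2024, 5, 2), "public_repos": 1,  "followers": 0},
    "ghost03":   {"created": date(2024, 5, 3), "public_repos": 0,  "followers": 1},
    "ghost04":   {"created": date(2024, 5, 3), "public_repos": 0,  "followers": 1},
}

# Constructed sample: repository -> logins that starred it.
STARS: Dict[str, List[str]] = {
    "ghost01/free-video-tool": ["ghost02", "ghost03", "ghost04", "dev-bob"],
    "dev-alice/parser-lib":    ["dev-bob", "ghost01"],
}

def is_ghost_like(login: str, today: date, max_age_days: int = 180,
                  max_repos: int = 2, max_followers: int = 2) -> bool:
    """Young account with almost no public footprint (thresholds are assumptions)."""
    a = ACCOUNTS[login]
    age_days = (today - a["created"]).days
    return (age_days <= max_age_days and a["public_repos"] <= max_repos
            and a["followers"] <= max_followers)

def ghost_star_ratio(repo: str, today: date) -> float:
    """Share of a repo's stargazers that look like throwaway accounts."""
    stargazers = STARS[repo]
    ghosts = sum(is_ghost_like(s, today) for s in stargazers)
    return ghosts / len(stargazers) if stargazers else 0.0

def creation_burst_ratio(repo: str, window_days: int = 7) -> float:
    """Largest share of stargazers whose accounts were created within one short window."""
    created = sorted(ACCOUNTS[s]["created"] for s in STARS[repo])
    best = 0
    for i, start in enumerate(created):
        best = max(best, sum(1 for d in created[i:] if (d - start).days <= window_days))
    return best / len(created) if created else 0.0

def flag_repos(today: date, threshold: float = 0.6) -> Dict[str, Tuple[float, float]]:
    """Repos whose stars come mostly from ghost-like or batch-created accounts."""
    flagged = {}
    for repo in STARS:
        scores = (ghost_star_ratio(repo, today), creation_burst_ratio(repo))
        if max(scores) >= threshold:
            flagged[repo] = scores
    return flagged
```

Scores like these are a triage signal for review, not proof of abuse; a genuinely new project can also attract stars from new accounts.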
The implications of this discovery are significant. It highlights the increasing sophistication of cybercrime and the challenges faced by cybersecurity professionals in combating these threats. As GitHub is a widely used platform for developers, this incident underscores the importance of exercising caution when downloading code from external sources.