New Malware Campaign Targets Finance and Insurance Sectors Using GitHub Links

In India, there are currently 13.2 million developers using GitHub; the country also ranks second globally, after the US, in the number of GenAI projects hosted on GitHub.

By Entrepreneur Staff

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

A new cyberattack campaign targeting the finance and insurance industries is leveraging GitHub links to bypass security measures and deliver malware, according to recent findings by cybersecurity firm Cofense. The campaign uses phishing emails that contain links to trusted GitHub repositories, tricking recipients into downloading a dangerous Remote Access Trojan (RAT) called Remcos.

This technique stands out because the attackers are using legitimate open-source repositories like UsTaxes, HMRC, and InlandRevenue, rather than the usual suspicious or low-star GitHub repositories. Jacob Malimban, a researcher at Cofense, noted that this is a shift from the traditional methods, where threat actors create their own malicious GitHub repositories.

The attack abuses GitHub's infrastructure by uploading malicious files as comments in well-known repositories. Once uploaded, the comment is deleted, but the link to the malware file remains active. This method, first discovered by OALABS Research earlier this year, leaves little trace, making it difficult for security teams to detect the threat.

"Emails containing links to GitHub are effective at bypassing email security systems because GitHub is a trusted domain," said Malimban. Attackers use these links to deliver the malware archive directly through email, avoiding other methods like QR codes or Google redirects.
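
For defenders, a mail-gateway style check for the link pattern described above, as an added example that is not from Cofense or this article. It assumes comment attachments are served from github.com paths shaped like `/<owner>/<repo>/files/<id>/<name>` or `/user-attachments/files/<id>/<name>`; the function name, the extension list and the sample email are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption (not stated in the article): files attached to GitHub issue/PR
# comments are served from paths shaped like /<owner>/<repo>/files/<id>/<name>
# or /user-attachments/files/<id>/<name>.
ATTACHMENT_PATH = re.compile(
    r"^/(?:[^/]+/[^/]+|user-attachments)/files/\d+/(?P<name>[^/]+)$"
)
ARCHIVE_EXT = (".zip", ".7z", ".rar", ".iso", ".gz")  # illustrative list
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def flag_github_attachment_links(body):
    """Return findings for GitHub comment-attachment URLs in an email body."""
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;")  # drop trailing sentence punctuation
        parts = urlsplit(url)
        # Exact host match: a look-alike such as github.com.example.net
        # must not be treated as GitHub.
        if (parts.hostname or "").lower() != "github.com":
            continue
        m = ATTACHMENT_PATH.match(parts.path)
        if not m:
            continue  # ordinary repo, blob, release or issue link
        findings.append({
            "url": url,
            "file": m.group("name"),
            # Archives delivered this way deserve quarantine or detonation.
            "archive": m.group("name").lower().endswith(ARCHIVE_EXT),
        })
    return findings


# Constructed sample email body; owner, repo, ids and file names are made up.
SAMPLE_BODY = """Dear customer, your tax documents are ready:
https://github.com/example-org/example-tax-tool/files/123456/2024_Documents.zip
Project page: https://github.com/example-org/example-tax-tool
Mirror: https://github.com.example.net/example-org/x/files/1/a.zip
Notes: https://github.com/user-attachments/files/987654/readme.txt.
"""

if __name__ == "__main__":
    for finding in flag_github_attachment_links(SAMPLE_BODY):
        print(finding)
```

Because the link stays live after the comment is deleted, the check keys on the URL shape alone and does not try to confirm that a visible comment exists in the repository.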

This is not the only new tactic observed in recent phishing attacks. Barracuda Networks has reported other innovative methods used by cybercriminals, such as ASCII- and Unicode-based QR codes and blob URLs. These tactics make it more challenging for security systems to block malicious content.

A blob URL, as explained by security researcher Ashitosh Deshnur, is a type of link used by web browsers to handle binary data like files or images directly in the browser, bypassing the need for external servers. This tactic gives attackers another way to deliver harmful content undetected.

Additionally, cybersecurity firm ESET has uncovered new scams targeting popular accommodation booking platforms like Booking.com and Airbnb. Scammers are using compromised accounts of legitimate hotels to contact customers, asking them to resolve fake payment issues by clicking on malicious links. The rise in such attacks was noted in July 2024, with attackers focusing on customers who had recently booked or made payments.

The group behind these booking scams, known as Telekopye, has also improved its toolkit by automating the creation of phishing pages and using chatbots to communicate with victims. Despite the sophistication of these scams, law enforcement agencies in Czechia and Ukraine arrested several members of the group in late 2023. Authorities revealed that the criminals recruited individuals in difficult life situations, offering them "easy money" for assisting in these schemes.

As these attacks become more creative and harder to detect, businesses in the finance, insurance, and hospitality sectors need to remain vigilant and adopt stronger cybersecurity measures to protect their systems and customers.

In India, there are currently 13.2 million developers using GitHub, compared to approximately 20 million in the US. India also ranks second globally, after the US, in the number of generative artificial intelligence (genAI) projects hosted on GitHub.
