GitHub Goblins: How Stargazer’s Ghost Network Made $100K Distributing Malware
Stargazer Goblin’s “Stargazers Ghost Network” uses over 3,000 fake GitHub accounts to distribute malware, netting $100,000 in illicit profits. This sophisticated operation involves everything from starring to phishing, making their accounts appear legitimate while avoiding GitHub’s takedowns. Check Point’s research reveals the network’s resilience and adaptability.
Hot Take:
Looks like Stargazer Goblin is taking “fake it till you make it” to a whole new level, except in their case it’s more like “fake it till you rake in the cash and infect a ton of devices!” And let’s be honest, GitHub is probably feeling like it’s hosting a Halloween party with all these ghost accounts lurking around.
Key Points:
- Stargazer Goblin has created over 3,000 fake GitHub accounts to distribute malware via a Distribution-as-a-Service (DaaS) model.
- The network, known as “Stargazers Ghost Network,” includes malware such as Atlantida Stealer, Rhadamanthys, and RedLine.
- These fake accounts engage in starring, forking, and subscribing to malicious repositories to appear legitimate.
- The network is structured to be resilient to GitHub’s takedown efforts by constantly updating links and using different account types.
- Other platforms like Discord, Facebook, Instagram, X, and YouTube are also involved in the larger DaaS scheme.
Already a member? Log in here