Dimnie Data-Stealing Malware Targets Developers on GitHub

By MDL on April 3, 2017

Phishing emails targeting developers who own repositories on GitHub offered praise and jobs, but they also included an attached trojan.

A malicious .doc file attached to the email contained an embedded macro that executed a PowerShell command to install and run the malware. Dimnie can steal data through keyloggers and screenshots, and it includes a self-destruct module that deletes all files, in effect wiping any evidence that it was ever there. Dimnie was first identified in 2014, and in the past it mainly targeted Russian-language users.

Because the main purpose of the malware appears to be data-stealing and stealth is a priority, the goal of these phishing attacks may be reconnaissance. Malicious actors can quietly gather enough information over a period of time to help them gain access to the tech organizations that employ these developers.


Sources: Threatpost, Github Repository Owners Targeted by Data-Stealing Malware. WeLiveSecurity, Malware campaign targets open source developers on GitHub. Palo Alto, Dimnie: Hiding in Plain Sight.