Daily Archives: July 25, 2024

Crowdstrike apologises for breaking the world to own IT Workers With $10 Uber Eats Coupons that are flagged by Uber as Fraudulent

Posted on by

Last week, the world reacted as 8.5 million computers crashed to bluescreen, grounding flights, crippling hospitals, and bringing down 911 services. This week, the world is reacting to the company responsible—Crowdstrike—offering its staff and the companies it works with a $10 Uber Eats voucher as way of apology for all their extra work over the weekend. People are not pleased.

[…]

Given Crowdstrike’s day-job is to help companies respond in the event of a cyberattack, you might imagine damage control was a concept with which it had some manner of familiarity. However, in an email sent out to its staff and partner companies, it managed the most impressively cloth-eared response, saying,

To express our gratitude, your next cup of coffee or late night snack is on us!

The email came with a code that would unlock a $10 Uber Eats voucher. A figure just low enough to be next to useless.

It would be very reasonable to suspect that this was one of very many fraudulent emails and links that have gone around since Friday’s incident, attempting to take advantage of the situation for malware, phishing and all manner of scams. However, according to CNN, a Crowdstrike spokesperson confirmed the emails were legitimate.

However, CNN reports that the spike in uses of the particular code caused Uber to flag it as fraud! Just perfect.

[…]

Source: Crowdstrike Says Sorry To IT Workers With $10 Uber Eats Coupons

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

Posted on by

A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by WIRED.

Since at least June last year, according to researchers at cybersecurity company Check Point, a cybercriminal they dubbed “Stargazer Goblin” has been hosting malicious code repositories on the Microsoft-owned platform. GitHub is the world’s largest open-source code website, hosting millions of developers’ work. As well as uploading malicious repositories, Stargazer Goblin has been boosting the pages by using GitHub’s own community tools.

Antonis Terefos, a malware reverse engineer at Check Point who discovered the nefarious behavior, says the persona behind the network uses their false accounts to “star,” “fork,” and “watch” the malicious pages.

[…]

The Stargazers Ghost Network, which Check Point named after one of the first accounts they spotted, has been spreading malicious GitHub repositories that offer downloads of social media, gaming, and cryptocurrency tools. For instance, pages might be claiming to provide code to run a VPN or license a version of Adobe’s Photoshop. These are mostly targeting Windows users, the research says, and aim to capitalize on people potentially searching for free software online.

The operator behind the network charges other hackers to use their services, which Check Point call “distribution as a service.” The harmful network has been spotted sharing various types of ransomware and info-stealer malware, Check Point says, including the Atlantida Stealer, Rhadamanthys, and the Lumma Stealer. Terefos says he discovered the network while researching instances of the Atlantida Stealer. The researcher says the network could be bigger than he expects, as he has also seen legitimate GitHub accounts being taken over using stolen login details.

[…]

The Stargazer Goblin threat actor identified by Check Point sells their services through ads on cybercrime forums and also through a Telegram account. A posts on a Russian-language cybercrime forum advertises 100 stars for $10 and 500 for $50 and says they can provide clones of existing repositories and trusted accounts. “For GitHub, the process looks organic,”

[…]

The Check Point engineer also says he identified one YouTube “ghost” account that was sharing malicious links via video, indicating that the network could be more encompassing. “I think this is not the whole picture,” Terefos says.

Source: A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub | WIRED