GitHub Repositories Used to Distribute RisePro Information Stealer 📂💻

Mar 18 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that wants to see a bloodbath… For the cybercrime industry 😂 #context #Trump #NPCs 🙈🙈🙈

Today’s hottest cybersecurity news stories:

  • 📈 RisePro info stealer spreads via cracked software on GitHub 👾

  • 🧠 Modern CPUs affected by newly discovered GhostRace flaw 👻

  • 🏠 There’s no place like Chrome. Introducing real-time URL protection 🛡️

Git tae fook, hackers! Malware on the Rise, Bro 📈💀👨‍💻

🚨 GitHub Repositories Used to Distribute RisePro Information Stealer 📂💻

Cybersecurity researchers have uncovered a series of GitHub repositories housing cracked software, serving as a platform for the distribution of an information stealer known as RisePro. The campaign, dubbed "gitgub," consisted of 17 repositories associated with 11 different accounts.

💾 These repositories, which have since been removed, featured a README.md file promising free cracked software. Notably, the threat actors added four green Unicode circles to the README.md file, mimicking the appearance of status indicators and lending an air of legitimacy. Each repository pointed to a download link hosted on "digitalxnetwork[.]com," containing a RAR archive file.

🗃️ This archive, requiring a password mentioned in the repository's README.md file, contained an installer file that unpacked the next-stage payload: an executable file inflated to 699 MB to thwart analysis tools. The injected RisePro (version 1.6) malware, written in C++, is designed to gather sensitive information from infected hosts and transmit it to two Telegram channels.
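A triage sketch for the lure traits described above, added here as an example and not taken from the researchers' tooling: it scores a README for the four traits the article names and measures how much of a file is single-byte padding. The green-circle code point, the host allowlist, the assumption that the bloat is repeated-byte padding, and all sample data are constructed for illustration.

```python
import io
import re

GREEN_CIRCLE = "\U0001F7E2"  # assumed code point; the article only says "green Unicode circles"
PLATFORM_HOSTS = {"github.com", "raw.githubusercontent.com"}  # hypothetical allowlist
URL_HOST = re.compile(r"https?://([^/\s)\]>]+)", re.I)
PASSWORD = re.compile(r"\bpass(?:word|code)?\b\s*[:=-]?\s*\S+", re.I)
CRACK = re.compile(r"\bcrack(?:ed)?\b", re.I)

def readme_indicators(text):
    """Return which lure traits described in the article a README exhibits."""
    hits = set()
    if text.count(GREEN_CIRCLE) >= 4:
        hits.add("status-circles")
    if any(h.lower() not in PLATFORM_HOSTS for h in URL_HOST.findall(text)):
        hits.add("off-platform-download")
    if PASSWORD.search(text):
        hits.add("archive-password")
    if CRACK.search(text):
        hits.add("cracked-software")
    return hits

def padding_ratio(stream, chunk=1 << 16):
    """Fraction of fixed-size chunks made of one repeated byte (a bloat signal)."""
    total = flat = 0
    while block := stream.read(chunk):
        total += 1
        flat += block == block[:1] * len(block)
    return flat / total if total else 0.0

# Constructed samples (not taken from the campaign).
SAMPLE_README = (
    "# SuperTool Pro cracked free\n"
    + GREEN_CIRCLE * 4 + " build passing\n"
    "Download: https://files.example.invalid/setup.rar\n"
    "Password: 2024\n"
)
BENIGN_README = "# mylib\nDocs: https://github.com/example/mylib/wiki\n"
# One chunk of varied bytes followed by 99 chunks of zero padding.
SAMPLE_BINARY = bytes(range(256)) * 256 + b"\x00" * (99 << 16)

if __name__ == "__main__":
    print(sorted(readme_indicators(SAMPLE_README)))
    print(padding_ratio(io.BytesIO(SAMPLE_BINARY)))
```

Because `padding_ratio` streams the file in chunks, it can be run on a multi-hundred-megabyte sample that exceeds the upload limit of a sandbox or scanner.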

🛠️ This method allows threat actors to efficiently extract victims' data. This discovery coincides with Splunk's disclosure of Snake Keylogger's tactics, highlighting the prevalence of stealer malware. Snake Keylogger employs various techniques, including FTP, SMTP, and integration with Telegram, to exfiltrate stolen data in real time.

Stealers like RisePro and Snake Keylogger have become increasingly common, serving as primary vectors for high-impact data breaches. Reports indicate a surge in the use of stealers, with RedLine, Vidar, and Raccoon being among the most prolific, collectively responsible for millions of compromised passwords.

As cyber threats evolve, the prominence of information-stealing malware underscores the need for robust cybersecurity measures. Threat actors continually adapt, making stealers more accessible and easier to deploy, emphasising the importance of proactive defence strategies. 🛡️💪


Hackers want CPU to come last in the GhostRace to patch 🩹👀💀

🚨 Tech Alert: GhostRace Vulnerability Discovered!

Researchers have uncovered a new data leakage threat, GhostRace (CVE-2024-2193), affecting modern CPUs with speculative execution support. It's a variation of Spectre v1, combining speculative execution and race conditions.

🔒 Common synchronisation methods using conditional branches can be bypassed, creating Speculative Race Conditions (SRCs), allowing attackers to leak data.

🔬 Discovered by IBM Research Europe and VUSec, GhostRace follows SLAM, another side-channel attack revealed in December 2023.

🛡️ Spectre exploits CPU optimizations, letting attackers access privileged data. Though speculative execution boosts performance, errors leave traces attackers can exploit.

👥 GhostRace stands out as it lets unauthenticated attackers extract data via race conditions, accessing speculative code paths.

💻 Mitigation steps include following existing Spectre guidance, with AMD recommending continued measures. The Xen hypervisor has introduced hardening patches as a precaution.

🔒 Stay vigilant! Any software relying on conditional branches may be vulnerable. Follow updates from security advisories for protection.

🎣 Catch of the Day!! 🌊🐟🦞

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell you who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)


🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels set Wander apart from your run of the mill American getaway 🏞️😍 (LINK)


🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Real-time’s coming Chrome, it’s coming Chrome, it’s coming Chrome (it’s coming!) ⚽🙃😂

🚨 Google's Latest Safeguard: Real-Time URL Protection! 🚀

🔒 Google has unveiled an upgraded version of Safe Browsing, ensuring instant, privacy-focused defence against potentially harmful websites.

"Chrome's desktop and iOS versions now offer Standard protection, checking sites in real-time against Google's list of known malicious sites," stated Jonathan Li and Jasika Bawa from Google.

⚠️ Users receive warnings if a site poses a risk, with this real-time check expected to block 25% more phishing attempts.

🔄 Previously, Chrome used local lists of unsafe sites, updated every 30-60 mins. Now, real-time checks occur to combat the rapid growth of harmful sites, with 60% of phishing domains lasting less than 10 mins.

With the new system, every website visit undergoes checks against global and local caches, with URLs obfuscated into hashed prefixes for privacy.

Safe Browsing servers decrypt and match these prefixes, issuing warnings if a match is found.

🌐 Crucially, Google employs an Oblivious HTTP (OHTTP) relay to ensure user privacy, preventing correlation between URL checks and browsing history.

🔒 Your browsing activity remains private, with no single party having access to both your identity and hashed prefixes.
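A simplified model of the cache-then-prefix lookup described above, added here as an example and not Google's code. The SHA-256 hash, the 4-byte prefix length and the local full-hash comparison are assumptions drawn from the public Safe Browsing API rather than from this article; URL canonicalization and the OHTTP relay are left out, and all names and sample URLs are constructed.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes; assumed from the public Safe Browsing API, the article gives no length

def expressions(url):
    """Simplified host-suffix / path-prefix expressions (no full canonicalization)."""
    parts = urlsplit(url)
    host, path = (parts.hostname or ""), (parts.path or "/")
    labels = host.split(".")
    hosts = [host] + [".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    return sorted({h + p for h in hosts for p in (path, "/")})

def full_hash(expr):
    return hashlib.sha256(expr.encode()).digest()

class PrefixServer:
    """Stand-in for the lookup server: it only ever receives hash prefixes."""
    def __init__(self, unsafe_exprs):
        self.unsafe = [full_hash(e) for e in unsafe_exprs]
        self.seen = []  # everything the server learns about client requests

    def lookup(self, prefixes):
        self.seen.extend(sorted(prefixes))
        return {h for h in self.unsafe if h[:PREFIX_LEN] in prefixes}

def check(url, server, safe_cache):
    hashes = {full_hash(e) for e in expressions(url)}
    if hashes <= safe_cache:  # cache hit: nothing leaves the client
        return "safe (cache)"
    candidates = server.lookup({h[:PREFIX_LEN] for h in hashes})
    # Full hashes are compared locally, so a prefix collision alone is not a verdict.
    return "unsafe" if hashes & candidates else "safe"

# Constructed data using reserved .test names, not real indicators.
SERVER = PrefixServer(["phish.example.test/login"])
SAFE_CACHE = {full_hash(e) for e in expressions("https://docs.example.test/")}

if __name__ == "__main__":
    print(check("https://phish.example.test/login?id=7", SERVER, SAFE_CACHE))
    print(check("https://docs.example.test/", SERVER, SAFE_CACHE))
    print([p.hex() for p in SERVER.seen])
```

The `seen` list is the point of the design: the server holds only short prefixes shared by many possible URLs, never the URL or its full hash.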

💻 Stay protected while browsing with Google's enhanced Safe Browsing! Thanks for reading, cyber squad. Catch you on the flipside 😉

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think!

So long and thanks for reading all the phish!
