In a recent blog article by the prominent security specialist Graham Cluley, researchers are reported to have discovered malware that targets developers who use GitHub repositories, in a targeted campaign that seeks to steal information and passwords. The campaign, to which researchers at Palo Alto Networks were first alerted in January, puts individual developers at risk and could also indicate that the attackers are looking to manipulate software projects.
While the attackers use typical email phishing tactics to infect their targets, the malware is unusual in that it appears to have existed since at least early 2014 yet avoided the attention of researchers until now. That is partly because it previously targeted only Russian-speaking individuals, and partly because it disguises its command-and-control communications to avoid detection.
“During its lifespan, it appears to have undergone few changes and its stealthy command and control methods combined with a previously Russian focused target base has allowed it to fly under the radar up until this most recent campaign,” Palo Alto said in an advisory.
The malware, called Dimnie, can download a variety of modules that enable different kinds of reconnaissance and data theft, including keylogging and screenshot capture.