A secretive network of around 3,000 'ghost' accounts on GitHub manipulates pages to promote malware and phishing links, boosting them with GitHub's tools. Cybercriminals abuse GitHub's features for malicious purposes, creating fake activity with 'star,' 'fork,' and 'watch' actions.
The Stargazer Goblin persona has been hosting malicious repositories on GitHub since at least June last year, appearing legitimate due to its boosted popularity. The coordinated actions of the ghost network make the pages seem genuine, taking advantage of the platform's functionalities.
Antonis Terefos from Check Point highlights that the Stargazers Ghost Network utilizes fake accounts to star, fork, and watch malicious repositories, creating an illusion of authenticity. This kind of exploitation integrating fake engagement is a new and concerning tactic on GitHub, impacting the platform's security.
[
Collection
]
[
|
...
]