Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Benedict Collins

GitHub is being hijacked by hackers, and it isn't going to be fixed any time soon

GitHub Webpage.

Cybercriminals are using GitHub to host and distribute malicious files and redirect traffic to phishing scams, experts have warned.

While GitHub has become an industry standard tool for code and file sharing, it is increasingly being used by threat actors as a key part of their criminal infrastructure.

The code-hosting site is also being used in an adapted tactic of living-off-the-land (LotL).

An infection without a cure?

Threat actors have been using the sites file and code sharing capabilities to deploy its payloads inside legitimate network traffic in what Recorded Future has coined as “living-off-trusted-sites” (LOTS) in a report on how threat actors are utilizing GitHub.

The main avenue of GitHub abuse surrounds payload delivery, with dead drop resolving (DDR) and command-and-control (C2) also seeing widespread use on the site.

DDR involves the use of a legitimate service being used by cybercriminals to store information relating to their own malicious domains, which infect users and directs them to other infrastructure used by threat actors.

GitHub is also being used by threat actors to hide or disguise their C2 networks, allowing their traffic to blend in with legitimate traffic making it very difficult to trace or observe.

Recorded Future said in the report that, “The "living-off-trusted-sites" (LOTS) approach is highlighted as a growing trend among APTs, with less-sophisticated groups expected to follow suit.”

“As attacks are anticipated to increase, the text emphasizes that legitimate internet services (LIS) will pose a new third-party risk vector for customers. Mitigation strategies are expected to require advanced detection methods, comprehensive visibility, and diverse detection angles.”

The report states that there is no current solution to resolve GitHub abuse by threat actors, however it is expected that the responsibility for detecting the abuse of GitHub hosting may gradually move towards LIS who have greater visibility over who is using their services and what they are doing.

Via TheHackerNews

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.