Bitcoin Forum
Topic: Warning: Comments on Github to push crypto stealing malware
Kemarit (OP)
September 04, 2024, 11:33:51 AM
 #1

For sure everyone is familiar with GitHub, and the majority of us use it to get the latest code for everything related to crypto. But there are new methods being used by criminals right now to spread password-stealing crypto malware, the Lumma Stealer.

So this group will supposedly offer solutions to problems being posted on GitHub, attaching a link. But if you go and download from the links through mediafire or any other shortener, it will obviously contain malware. And once you download it, it might be over for you.

You can read everything here:

https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/
https://www.reddit.com/r/Malware/comments/1f2n1h4/psa_lummac2_trojan_stealer_spreading_on_github/

Quote
Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.

https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma


So just be careful about what we download on GitHub; this is just one example, and I think this might be the new trend for cyber criminals. Another mode of attack on us, to spread any malware they want to steal our crypto.

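One way to hunt for the exfiltration pattern in the Malpedia description quoted in the first post (HTTP POST requests sent with the user agent "TeslaBrowser/5.5"), added here as an example and not part of any post in this thread. The proxy log layout, client addresses and hostnames are constructed assumptions.

```python
import re
from collections import defaultdict

# User agent named in the Malpedia description quoted in the first post.
SUSPECT_UA = "TeslaBrowser/5.5"

# Assumed proxy log layout: client [timestamp] "METHOD URL PROTO" status bytes "user agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<ua>[^"]*)"$'
)

# Constructed sample lines; addresses and hostnames are placeholders.
SAMPLE_LOG = """\
10.0.0.21 [04/Sep/2024:11:40:02 +0000] "GET https://github.com/example/project/issues/1 HTTP/1.1" 200 48211 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
10.0.0.21 [04/Sep/2024:11:41:10 +0000] "GET https://files.example.net/fix.zip HTTP/1.1" 200 912345 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
10.0.0.21 [04/Sep/2024:11:43:55 +0000] "POST http://c2.example.org/api HTTP/1.1" 200 15 "TeslaBrowser/5.5"
10.0.0.21 [04/Sep/2024:11:43:58 +0000] "POST http://c2.example.org/api HTTP/1.1" 200 15 "TeslaBrowser/5.5"
this line is truncated and must not crash the parser
10.0.0.34 [04/Sep/2024:12:01:00 +0000] "POST https://api.example.com/login HTTP/1.1" 200 320 "Mozilla/5.0 (X11; Linux x86_64)"
"""


def find_suspect_posts(log_text):
    """Group POST requests that carry the suspect user agent by client.

    Returns (report, skipped): report maps client -> count, destination URLs
    and first-seen timestamp; skipped counts lines that did not parse.
    """
    hits = defaultdict(lambda: {"count": 0, "urls": set(), "first_seen": None})
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped += 1  # malformed or truncated line: count it, do not crash
            continue
        # The description says exfiltration uses POST, so other methods are ignored here.
        if m["method"] != "POST" or SUSPECT_UA.lower() not in m["ua"].lower():
            continue
        entry = hits[m["client"]]
        entry["count"] += 1
        entry["urls"].add(m["url"])
        entry["first_seen"] = entry["first_seen"] or m["ts"]
    report = {c: {**e, "urls": sorted(e["urls"])} for c, e in hits.items()}
    return report, skipped


if __name__ == "__main__":
    report, skipped = find_suspect_posts(SAMPLE_LOG)
    for client, info in report.items():
        print(client, info["count"], info["first_seen"], info["urls"])
    print("unparsed lines:", skipped)
```

A client that shows up in the report is worth correlating with its earlier downloads, such as the archive fetched two minutes before the first POST in the sample.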
hugeblack
September 04, 2024, 11:51:49 AM
 #2

In fact, what you are downloading is a mediafire file and not a link from GitHub.
Also, the fact that the code is on GitHub does not mean that it is safe unless it has been reviewed by a sufficient number of developers that you trust and the code is open source and not an open source library.

Mia Chloe
September 04, 2024, 07:17:30 PM
 #3

Quote
In fact, what you are downloading is a mediafire file and not a link from GitHub.
Also, the fact that the code is on GitHub does not mean that it is safe unless it has been reviewed by a sufficient number of developers that you trust and the code is open source and not an open source library.

Personally, I won't even advise anyone without a nice level of technical knowledge to download their software or compilation scripts from GitHub. In fact, the first question is: why do technical guys usually download or get their software and scripts from communities like GitHub, for example? The fact is, many times they get their scripts and software from there because they are open source, and that simply matters because, since they have a nice level of technical knowledge, they'll be able to tell if that script has something hidden or something like a command to steal data.

The fact is almost nowhere is safe to get your software from. People often rush to claim that downloading from the original source is 100% safe, but the truth is that it is only safer than random sites.

albon
September 04, 2024, 08:43:38 PM
 #4

Quote
So this group will supposedly offer solutions to problems being posted on GitHub, attaching a link. But if you go and download from the links through mediafire or any other shortener, it will obviously contain malware. And once you download it, it might be over for you.

Anyone can create an account on GitHub, impersonate the name of one of the developers, and publish these malicious files in comments, solutions, or on any website in search engines. These scammers often upload such files to file storage sites and shorten the link so that the original link to the file is not recognized. It is important to verify that the file is downloaded from the official account of the original project developer and make sure that you are downloading from the official source, and you should scan the file before installing it on the PC. If anyone downloads any file containing Lumma Stealer from suspicious or non-original links, the consequences can be severe, especially if the file is downloaded and installed on a PC that handles sensitive information and cryptocurrency wallets.

Thank you, OP, for bringing this up. I hope beginners will keep their assets and wallets safe, as malware has recently spread and increased.

tabas
September 04, 2024, 11:47:45 PM
 #5

Thanks OP!

Quote
So just be careful about what we download on GitHub; this is just one example, and I think this might be the new trend for cyber criminals. Another mode of attack on us, to spread any malware they want to steal our crypto.

If the link is redirecting you to another website and you're unsure if it's safe or not, better stop already from there. I don't trust most of the downloadables that are uploaded to Mediafire; I had a terrible experience there when I wasn't aware of these things a long time ago, although some genuine files/apps are also there by non-bad actors. For those that are very hyper with what they see on the web, whether it's from GitHub or not, the practice is to always verify the source or, if in doubt, don't touch, don't download.

logfiles
September 04, 2024, 11:57:55 PM
 #6

I always like reporting such profiles that attempt to spread malware through GitHub. OP, if you have an account over there, you can try reporting them as well. It's an easy process, and one thing I like about those in charge of moderating GitHub: they act very fast and ban such accounts.
Eventually the person behind the account gives up and probably tries something else which is new.

hugeblack
September 05, 2024, 01:59:08 AM
 #7


Quote
The fact is almost nowhere is safe to get your software from. People often rush to claim that downloading from the original source is 100% safe, but the truth is that it is only safer than random sites.

The only thing is that in the case of closed source you need to trust a central group while open source means trusting a decentralized group of developers.
As for security, it is relative, not all closed source software is insecure, we have software that has been downloaded millions of times and it is more secure than open source software that only a few people have reviewed.
In short, it depends on who reviewed the code, their number and experience, otherwise you are forced to trust the developer.

hd49728
September 05, 2024, 05:14:01 AM
 #8

Quote
The only thing is that in the case of closed source you need to trust a central group while open source means trusting a decentralized group of developers.
As for security, it is relative, not all closed source software is insecure, we have software that has been downloaded millions of times and it is more secure than open source software that only a few people have reviewed.
In short, it depends on who reviewed the code, their number and experience, otherwise you are forced to trust the developer.

In cryptocurrency, the security advice is that going with open source is better than closed source, but it is very important to warn people that they cannot automatically and blindly assume that open source means good, quality and secure.

With open source code, community developers can review and reproduce the code, but each person is responsible for the safety of his funds, so don't trust community reviews completely and act carelessly with open source things.

The community might miss something dangerous and you will be trapped if you are careless.

NotATether
September 05, 2024, 08:07:53 AM
 #9

Quote
So just be careful about what we download on GitHub; this is just one example, and I think this might be the new trend for cyber criminals. Another mode of attack on us, to spread any malware they want to steal our crypto.

It's not specifically the Releases you should be careful with, but it's stuff that people are posting in GitHub issues threads (which I guess includes Pull Requests).

Normally, nobody should be downloading stuff from there. Because people do not post any sort of downloadable files except for, I guess, log files, but those are in text format and can be placed on a pastebin; things like attachments and any sort of link should be viewed with suspicion.

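A link triage pass over an issue comment, following the advice in this thread that links posted in issue threads, especially ones leading to file hosts or shortened URLs, deserve suspicion. This is an added example, not code from any poster or from GitHub; the domain lists, the extension list, the `example/project` repository and the sample comment are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Illustrative lists (assumptions): mediafire is named in the thread, the rest are examples.
FILE_HOSTS = {"mediafire.com"}
SHORTENERS = {"bit.ly", "tinyurl.com"}
RISKY_EXT = (".zip", ".rar", ".7z", ".exe", ".msi", ".dll", ".ps1")

URL_RE = re.compile(r"""https?://[^\s<>()\[\]"']+""", re.IGNORECASE)

# Constructed comment body imitating a "here is the fix" reply.
SAMPLE_COMMENT = (
    "Had the same error, this fix worked for me: "
    "[fix](https://www.mediafire.com/file/abc123/fix.zip) "
    "Mirror: https://bit.ly/3xAmPlE. "
    "See also https://github.com/example/project/releases/tag/v1.0 and "
    "https://github.com.downloads.example/example/project/setup.exe"
)


def _in(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(url, owner, repo):
    """Label a URL relative to the repository the comment was posted in."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    prefix = f"/{owner}/{repo}".lower()
    # Exact host match: "github.com.downloads.example" is not github.com.
    if host == "github.com" and (path == prefix or path.startswith(prefix + "/")):
        return "project"
    if _in(host, SHORTENERS):
        return "shortener"  # real destination is hidden
    if _in(host, FILE_HOSTS):
        return "file-host"
    if path.endswith(RISKY_EXT):
        return "off-project-download"
    return "off-project"


def triage_comment(body, owner, repo):
    """Return (url, verdict) for every link found in a comment body."""
    urls = [u.rstrip(".,;:!?") for u in URL_RE.findall(body)]
    return [(u, classify(u, owner, repo)) for u in urls]
```

A "project" verdict only means the link stays inside the repository's own namespace; as the posts above point out, that alone does not make the file safe.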