

Ethical Hacking News

New Phishing Attacks Leverage GitHub, Telegram Bots, and ASCII QR Codes to Compromise Victims



A new wave of phishing attacks has been detected that utilizes GitHub links, Telegram bots, and ASCII QR codes to trick users into downloading malware and compromising their financial information. This article delves into the details of these recent phishing tactics and explores how threat actors are using social engineering techniques to bypass security measures.



  • Hackers are using sophisticated tactics to trick users into downloading malware and compromising their financial information.
  • Phishing attacks are leveraging social engineering techniques, GitHub links, Telegram bots, and ASCII QR codes to evade security measures.
  • Legitimate online platforms like GitHub are being used by malicious actors to bypass security measures.
  • GitHub comments are a potential vulnerability that is often overlooked by users.
  • Emails with GitHub links can bypass secure email gateway (SEG) security systems, highlighting the importance of being vigilant when interacting with online platforms.
  • ASCII QR codes are being used in phishing attacks to expand their reach beyond online marketplace scams.
  • Telegram bots are also being used by malicious actors to coordinate complex operations and target accommodation booking platforms.
  • Compromised accounts of legitimate hotels and accommodation providers are being used to scam users via in-platform chat.
  • The attackers have improved their toolkit with features like automated phishing page generation, interactive chatbots, and protection against disruption by competitors.



    In a disturbing trend, hackers have been employing an array of sophisticated tactics to trick unsuspecting users into downloading malware and compromising their financial information. At the forefront of these recent phishing attacks are malicious actors who are leveraging social engineering techniques, GitHub links, Telegram bots, and ASCII QR codes to evade security measures.

    One of the most striking aspects of these recent phishing campaigns is their reliance on legitimate online platforms such as GitHub. According to Cofense researcher Jacob Malimban, "In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue were used instead of unknown, low-star repositories." This tactic allows threat actors to bypass security measures by using trusted domains and increasing the likelihood that users will click on the malicious links.

    Furthermore, these phishing attacks have been linked to GitHub comments, which are often overlooked as a potential vulnerability. Malicious actors are taking advantage of this oversight by opening GitHub issues on well-known repositories and uploading malicious payloads. The issue is then closed without saving it, allowing the uploaded malware to persist even after the comment has been deleted.

    The use of GitHub links in phishing emails has proven to be an effective tactic for bypassing security measures, particularly SEG security systems. Malimban explained that "Emails with links to GitHub are effective at bypassing SEG security because GitHub is typically a trusted domain." This highlights the importance of being vigilant when interacting with online platforms and avoiding suspicious links.
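
An added example (not from the article or the researchers it quotes) of the defensive takeaway above: rather than trusting github.com as a whole, a mail filter can single out links that download a file uploaded through an issue or comment. The two URL path shapes and the extension list are assumptions about how GitHub attachment links look, and the sample message is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed path shapes for files uploaded through GitHub issues/comments
# (not taken from the article): /<owner>/<repo>/files/<id>/<name> and
# /user-attachments/files/<id>/<name>.
ATTACHMENT_PATH = re.compile(
    r"^/(?:[^/]+/[^/]+|user-attachments)/files/\d+/(?P<name>[^/]+)$"
)
# Assumed list of container/executable extensions worth escalating.
RISKY_EXT = (".zip", ".7z", ".rar", ".iso", ".img", ".exe", ".msi", ".js", ".lnk")
URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.IGNORECASE)


def classify_url(url):
    """Return 'block', 'review' or 'ignore' (outside this check) for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in ("github.com", "www.github.com"):
        return "ignore"  # exact host match, so look-alike hosts are not trusted
    m = ATTACHMENT_PATH.match(parts.path)
    if not m:
        return "ignore"  # ordinary repo, issue or blob page
    name = m.group("name").lower()
    return "block" if name.endswith(RISKY_EXT) else "review"


def scan_body(body):
    """Map every GitHub attachment URL in an email body to a verdict."""
    verdicts = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
        verdict = classify_url(url)
        if verdict != "ignore":
            verdicts[url] = verdict
    return verdicts


# Constructed sample message; owner, repo, ids and file names are placeholders.
SAMPLE_BODY = """Your tax refund documents are ready:
https://github.com/example-org/example-repo/files/1234567/refund_2024.zip
Project page: https://github.com/example-org/example-repo/issues/42
Screenshot: https://github.com/user-attachments/files/7654321/notes.txt.
"""

if __name__ == "__main__":
    for url, verdict in scan_body(SAMPLE_BODY).items():
        print(verdict, url)
```
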

    Another notable aspect of these phishing attacks is their use of ASCII QR codes. According to Barracuda Networks, "New research shows that threat actors behind the Telekopye Telegram toolkit have expanded their focus beyond online marketplace scams to target accommodation booking platforms such as Booking.com and Airbnb." This expansion into new areas of attack underscores the evolving nature of cyber threats.

    In addition to GitHub links and ASCII QR codes, these phishing attacks also utilize Telegram bots. Researchers from ESET noted that "The groups in question were managed, from dedicated workspaces, by middle-aged men from Eastern Europe and West and Central Asia." This highlights the global reach of these threat actors and their ability to coordinate complex operations.

    Moreover, these phishing attacks have been characterized by the use of compromised accounts of legitimate hotels and accommodation providers. According to researchers Jakub Souček and Radek Jizba, "Using their access to these accounts, scammers single out users who recently booked a stay and haven't paid yet – or paid very recently – and contact them via in-platform chat." This tactic makes the scam much harder to spot as it utilizes expected communication channels and appears legitimate.

    The attackers have also employed improvements to the Telekopye toolkit that allow for automated phishing page generation, improved communication with targets via interactive chatbots, and protection of phishing websites against disruption by competitors. These tactics further underscore the sophistication and adaptability of these threat actors.

    In light of these recent phishing attacks, it is essential for individuals and organizations to remain vigilant and take proactive measures to protect themselves from these threats. By understanding the tactics employed by malicious actors and staying informed about emerging threats, we can better equip ourselves to defend against these types of attacks.



    Related Information:

  • https://thehackernews.com/2024/10/github-telegram-bots-and-qr-codes.html

  • https://www.sepe.gr/en/it-technology/cybersecurity/22488708/github-telegram-bots-and-qr-codes-abused-in-new-wave-of-phishing-attacks/


  • Published: Sat Oct 12 00:44:30 2024 by llama3.2 3B Q4_K_M













         

