Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Thursday April 06 2017, @03:42AM   Printer-friendly
from the professional-sniping dept.

Via Security Intelligence, Larry Loeb published an article entitled
Malware Attack Targets Open Source Developers

Early this year, Palo Alto Networks observed that developers who posted their work on GitHub were receiving phishing emails from .ru domains. The attackers used social engineering ploys to influence recipients to open malicious attachments. Some emails included compliments on posted code, while others featured job offers or other misleading links in the body text.

Despite different body texts, the emails all included the same attachment: a .gz file that resolves to a .doc file. In actuality, the attachment was an embedded PowerShell command that would download and run a file called Dimnie. Dimnie has existed since 2014, the researchers said, but only previously targeted Russian users.

[...] Dimnie is stealthy and sophisticated. It cloaks the internal GET requests so that they appear to go to Google-owned domain names, but they actually go to an attacker-controlled IP address. The malware downloads various modules for functions such as keylogging, screen grabbing and more. Once downloaded, it leaves no direct trace of these modules on the target computer's hard drive.

Basically, Dimnie is designed to steal information. It stores itself and the information it gets into memory to cover its footprints. There is even a self-destruct module to remove any residual traces left on the target machine.

Once Dimnie has grabbed its targeted information, the swag is encrypted using AES-256 in Electronic Codebook (ECB) mode and then appended to image headers.

In his quasi-daily news digest at TechRights (under the heading "Security"), Roy Schestowitz notes

Articles like these neglect to say that only developers who use Microsoft Windows are at risk.

Better headline: Malware targets Windows users who are registered at GitHub. Must have Microsoft Word and PowerShell.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Funny) by Anonymous Coward on Thursday April 06 2017, @08:58AM (1 child)

    by Anonymous Coward on Thursday April 06 2017, @08:58AM (#489578)

    backwhat?

    Backup. As in, bringing your system back up. That is, reboot. Didn't they tell you that you should regularly reboot your Windows computers? ;-)

    Starting Score:    0  points
    Moderation   +1  
       Funny=1, Total=1
    Extra 'Funny' Modifier   0  

    Total Score:   1  
  • (Score: 0) by Anonymous Coward on Thursday April 06 2017, @10:50AM

    by Anonymous Coward on Thursday April 06 2017, @10:50AM (#489605)

    Backup. As in, bringing your system back up. That is, reboot. Didn't they tell you that you should regularly reboot your Windows computers? ;-)

    Ehhh.... my experience has been they didn't need to.

    It does that all by itself. Occasionally, it plugs up. All I know to do is power down and restart.

    Maybe I make a couple of days before again something gets real fishy again. I try running Windows Defender, and maybe look at running processes.

    The computer seems to be masturbating.

    So far, it gets feeling better later and goes back working again normally.

    I do find it annoying though. I am still puzzled why businessmen like this so much. But then, I look at how modern business operates. It seems to be mostly dress codes and office etiquette. Not productivity or imagination. Eye candy wins. Which explains it.