SoylentNews is people

The Week's Most Inaccurate Headline

Accepted submission by -- OriginalOwner_ http://tinyurl.com/OriginalOwner at 2017-04-05 09:32:53 from the "journalist" dept.
Software

Via Security Intelligence (sic), extremely bad tech writer Larry Loeb published an article entitled
Malware Attack Targets Open Source Developers [securityintelligence.com]

Dimnie is stealthy and sophisticated. It cloaks the internal GET requests so that they appear to go to Google-owned domain names, but they actually go to an attacker-controlled IP address. The malware downloads various modules for functions such as keylogging, screen grabbing and more. Once downloaded, it leaves no direct trace of these modules on the target computer's hard drive.

Basically, Dimnie is designed to steal information. It stores itself and the information it gets into memory to cover its footprints. There is even a self-destruct module to remove any residual traces left on the target machine.

Once Dimnie has grabbed its targeted information, the swag is encrypted using AES-256 in Electronic Codebook (ECB) mode and then appended to image headers.

In his quasi-daily news digest at TechRights (under the heading "Security"), Roy Schestowitz notes [techrights.org]

Articles like these neglect to say that only developers who use Microsoft Windows are at risk.

Better headline: Malware targets Windows users who are registered at GitHub. Must have Microsoft Word and PowerShell.

