
Developers constantly need to modify and rework their source code when releasing new versions of applications or coding projects they create and maintain. This is what makes GitHub, an online repository hosting service that provides version control management, popular. In many ways, it's like a social networking site for programmers and developers, one that provides a valuable platform for code management, sharing, collaboration, and integration.
GitHub is no stranger to misuse, however. Open-source ransomware projects EDA2 and Hidden Tear, supposedly created for educational purposes, were hosted on GitHub, and have since spawned various offshoots that have been found targeting enterprises. Tools that exploited vulnerabilities in Internet of Things (IoT) devices were also made available on GitHub. Even the Limitless Keylogger, which was used in targeted attacks, was linked to a GitHub project.
Other threat actors have abused GitHub, namely the Winnti APT group. This time, however, Winnti abused GitHub by turning it into a conduit for the command and control (C&C) communications of their seemingly newfangled backdoor (detected by Trend Micro as BKDR64_WINNTI.ONM).