A group of malicious GitHub repositories are distributing hidden backdoors and malware, targeting hackers, gamers, and researchers with fake exploits, game cheats, and remote access tools like Sakura RAT. Sophos researchers uncovered a coordinated campaign involving automated commits and obfuscated payloads designed to infect devices and steal data. #SakuraRAT #GitHubBackdoors
Keypoints
- The campaign uses automated commits to maintain activity and legitimacy in malicious repositories.
- Hidden backdoors include obfuscated scripts, malicious screensavers, and encoded JavaScript files.
- Sophos discovered that the Sakura RAT code downloads malware using a PreBuildEvent in Visual Studio projects.
- The infection process involves VBS scripts, PowerShell, and Electron applications executing multiple payloads.
- The malware targets a wide range of victims, including hackers, gamers, students, and cybersecurity researchers.
Views: 13