GitHub Hosts Infostealer

A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered that this same approach is being used to push binary “info stealing” malware to Windows computers.

Infected Magento Sites

Recently, we identified hundreds of infected Magento sites with the following injected script:

<script type="text/javascript" src="https://bit.wo[.]tc/js/lib/js.js"></script>

The contents of the js.js file included:

This code creates a hidden div and after a short delay displays a fake Flash Player update banner above the normal site content.
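A defender-side check for the injection shown above, as an added example that is not part of the original post: it parses a page's HTML and flags script tags that load from the host in the article's indicator. The function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicator from the article, stored defanged as published.
DEFANGED_INDICATORS = ["bit.wo[.]tc"]


def refang(value):
    """Turn a defanged indicator back into a comparable hostname."""
    return value.replace("[.]", ".").lower()


BLOCKED_HOSTS = {refang(i) for i in DEFANGED_INDICATORS}


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src.strip())


def is_blocked(src):
    """True if the script URL's host is a blocked host or a subdomain of one."""
    try:
        host = urlsplit(src).hostname or ""  # handles https:// and //host/ forms
    except ValueError:
        return False
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)


def find_injected_scripts(html):
    """Return script src values in `html` that load from a blocked host."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    return [s for s in collector.sources if is_blocked(s)]


# Constructed sample page: one local script, plus the injected tag from the article.
SAMPLE_PAGE = (
    '<html><head><script src="/js/prototype/prototype.js"></script></head>'
    '<body><script type="text/javascript" src="https://%s/js/lib/js.js"></script>'
    "</body></html>" % refang("bit.wo[.]tc")
)

if __name__ == "__main__":
    for src in find_injected_scripts(SAMPLE_PAGE):
        print("injected script:", src)
```

The same function can be run over saved page source or template files; matching on the parsed hostname rather than a substring avoids false hits on look-alike domains.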

Continue reading GitHub Hosts Infostealer at Sucuri Blog.
