Stargazers Ghost Network
Check Point Research identified a sophisticated network of GitHub accounts distributing malware through malicious repositories. The Stargazers Ghost Network consists of different types of accounts performing various actions like starring forking and subscribing to give an appearance of legitimacy. This network functions as a Distribution as a Service (DaaS) allowing threat actors to share malicious content. The operator tracked as Stargazer Goblin provides and maintains the network distributing malware families like Atlantida Stealer Rhadamanthys Lumma Stealer and RedLine. With over 3000 active Ghost accounts the network has earned an estimated $100000 since its inception in August 2022. This new era of malware distribution utilizes ghost accounts across platforms potentially employing AI for targeted campaigns.