A simple comment on the Internet can trigger a wide variety of attacks. You could be the victim of password theft, personal data theft, or any type of malware. In this article, we will discuss one more example. These are malicious comments that are being posted on GitHub, with the aim of attacking. This is something that could happen on social networks and many other platforms, so we are going to give you some recommendations.
Hackers are usually going to take advantage of platforms that are widely used. It is there, in services with many users, where they will have the greatest probability of success. It is essential to take measures to avoid falling into the trap and prevent your privacy from being compromised online.
Malware in GitHub comments
We can say that GitHub is one of the most used software repositories. You can find a wide variety of open source software and you will see information on how to use it, comments, etc. Cybercriminals are taking advantage of this and sneaking in a malware called Lumma Stealer. It is malicious software with the ability to steal information.
Basically, what they do is post comments that seem to help solve certain problems or include improvements, but in reality they are malicious software. In that comment, they invite the victim to download a password-protected file through a URL and run it. Of course, what really happens is that they are downloading malware.
According to the security researchers behind this discovery, they have published almost 30,000 malicious messages of this type in the space of three days. Specifically, they have detected just over 29,000. This folder that the victim downloads contains DLL files and the executable.
But what does this Lumma Stealer malware actually do? Once it runs, it has the ability to steal cookies, passwords, usernames, bank card details, or the history of browsers like Chrome, Firefox, or Edge. It could even steal passwords that were stored on that computer, in text files.
Be careful with comments
All of this leads us to recommend extreme caution with comments on the Internet. Not only is there the case of GitHub, and this malware in particular, but we have seen similar campaigns on platforms such as YouTube, Facebook and others. They could easily sneak a threat in just by clicking on a link in those comments and downloading a file.
Beyond common sense and taking precautions, it is also important to keep your device well protected. Make sure you use a good antivirus, as this will help you detect threats and act as soon as possible. Check that this security program is reliable and will really protect you.
It’s also a good idea to keep everything up to date. Make sure you’re using the latest version of your operating system or any software you use. In many cases, attackers will take advantage of any vulnerabilities that may exist. By having the latest versions, you’ll be able to fix those flaws.
In short, be careful with the comments you see on the Internet. We have seen the case of GitHub, but it can happen on very different platforms. Detecting malicious links, for example, will also be key to preserving your security.
