Massive Supply Chain Malware Campaign Affects Thousands of Github Repositories Drops Malware - An OSINT Analysis

I've recently spotted a currently circulating massive malware embedded malware campaign affecting thousands of Github repositories where the ultimate goal would be to compromise the affected hosts and steal accounting data for major Web properties including various cloud based environments.

Exposing GCHQ's URL Shortening Service - An OSINT Analysis

I've recently decided to come up with a proper analysis on a well known GCHQ URL shortening service used for monitoring purposes where the ultimate goal would be to provide additional insights into its Internet-connected infrastructure and try to find additional links and connections between related campaigns courtesy of the GCHQ

Sample URL known to have been involved in the campaign:

hxxp://lurl.me

Related domains known to have been involved in the campaign include:

hxxp://mhhiuag.com

hxxp://lhgeesp.biz

hxxp://ciwcesp.com

hxxp://lhgeesp.net

hxxp://ciwcesp.biz

Sample related responding IPs known to have been involved in the campaign include:

hxxp://198.105.254.11

hxxp://37.220.34.116

hxxp://109.235.48.3

hxxp://64.74.223.47

hxxp://198.105.244.11

Sample screenshots include:

Rogue Twitter accounts known to have been involved in the campaign include:

hxxp://twitter.com/2009iranfree

hxxp://twitter.com/MagdyBasha123

hxxp://twitter.com/TheLorelie

hxxp://twitter.com/Jim_Harper

hxxp://twitter.com/angelocerantola

hxxp://twitter.com/recognizedesign

hxxp://twitter.com/akhormani

hxxp://twitter.com/FNZZ

hxxp://twitter.com/GlenBuchholz

hxxp://twitter.com/enricolabriola

hxxp://twitter.com/katriord

hxxp://twitter.com/ShahkAm147

hxxp://twitter.com/Pezhman09

hxxp://twitter.com/jimsharr

hxxp://twitter.com/blackhatcode

I'll continue monitoring the development of this campaign and I'll post updates as soon as new developments take place.

In Retrospective - A New Malware Bot Vector Spotted in the Wild - An OSINT Analysis

I've recently came across to a new malicious software release that has some pretty interesting and what can be best described as advanced form grabbing features and I've decided to further elaborate on some of its key features which basically include advanced form grabbing features for a variety of applications and web services which makes the malicious software release a pretty important release in the context of introducing new and novel features within the cybercrime ecosystem.

Sample screenshots:

I'll continue monitoring the development of this malicious software release and I'll post updates as soon as new developments take place.