A newly identified threat actor, Water Curse, is exploiting GitHub to deliver weaponized repositories containing multistage malware. The group has been linked to at least 76 GitHub accounts, targeting cybersecurity professionals, game developers, and DevOps teams. Their malware enables data exfiltration, remote access, and long-term persistence on infected systems. The attack begins with trojanized open-source tools, progresses through complex infection chains using obfuscated scripts, and culminates in extensive system reconnaissance and data theft. Water Curse employs anti-debugging techniques, privilege escalation methods, and persistence mechanisms to maintain control over affected systems. The campaign poses a significant supply chain risk, especially to those relying on open-source tooling from GitHub.
Author: AlienVault
Related Tags:
anti-debugging
Backdoor.JS.DULLRAT
privilege escalation
T1089
T1102.002
T1213.002
T1497.001
T1562.004
T1548.002
Associated Indicators: