Malware News GitHub Users Targeted with Dimnie Trojan

Solarquest

Developers sharing code on GitHub are being targeted in a malicious email campaign that's infecting their computers with a modular trojan known as Dimnie.

GitHub users first started noticing and complaining about these attacks at the end of January this year, but cyber-security firm Palo Alto, who's been investigating the incidents, says attacks started a few weeks prior.

GitHub users spear-phished by unknown group
Even if the malware payload (Dimnie) is somewhat rare, the attack itself is mundane and follows a classic modus operandi.

Unknown individuals start by sending selected GitHub users a recruitment email. Below are just two of the many messages used in this campaign.
....
....
Macro scripts drop new version of Dimnie trojan
The payload surprised Palo Alto experts because they discovered a new version of the Dimnie trojan, a malware downloader that has remained relatively the same since it first appeared three years ago, in 2014.

Analyzing this new version, researchers found a much more potent threat than older Dimnie versions. This new iteration came with the ability to disguise malicious traffic under fake domains and DNS requests, but also with a plethora of new modules, all of which it executed in the OS memory, without leaving a footprint on the user's disks.

This fileless behavior is what helped attackers keep a low profile. Additionally, the new modules were also very potent, granting attackers various abilities.
 
