Security News Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

[Bot]

Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned subsidiary. "The repositories look

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

Researchers at G DATA have exposed a scheme dubbed "gitgub" on GitHub, where 17 repositories were delivering the information stealer, RisePro.

thehackernews.com

RisePro stealer targets Github users in "gitgub" campaign

RisePro resurfaces with new string encryption and a bloated MSI installer that crashes reversing tools like IDA. The "gitgub" campaign already sent more than 700 archives of stolen data to Telegram. Following Arstechnica’s story about malicious Github repositories, we wrote a threat hunting tool...

www.gdatasoftware.com

 

[Shadowra]

RisePro gets a lot of traffic, as does LummaStealer.
I believe they are based on PrivateLoader but not on...
@Trident may have more information

 

[Trident]

Yeah, the bloated file 699 MB definitely makes it look similar to PrivateLoader. But PrivateLoader is just a loader by itself, whilst this seems to be the stealer directly.