New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files

Brownie2019

Mar 9, 2019
Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data.
Researchers at exposure management services provider Cyderes have discovered a clever new multi-stage malware campaign that successfully bypasses antivirus software to drain data from unsuspecting users. The firm’s research, shared with Hackread.com, reveals that the campaign relies on two brand-new malware families named Direct-Sys Loader and CGrabber Stealer.
Read the full Story:
This report describes a multi-stage malware campaign using GitHub-hosted ZIP archives to deliver a loader and an infostealer.

Key points

  • The attackers reportedly used ZIP files hosted on GitHub as the initial delivery method.
  • According to the article, the campaign involved two malware families referred to as Direct-Sys Loader and CGrabber Stealer.
  • The goal appears to be credential theft and data exfiltration, including passwords, wallet data, and other user information.
  • The notable part is not GitHub itself, but how trusted platforms can be abused to make malicious downloads look less suspicious.

Why this matters

Many users still assume a file is safer if it comes from a well-known platform. That is not a reliable security signal.

A ZIP file from GitHub, Dropbox, Discord CDN, Google Drive, or any other legitimate service can still contain malware. The hosting platform may be legitimate while the uploaded content is malicious.

Practical takeaway

  • Do not treat GitHub-hosted ZIP files as trustworthy by default.
  • Verify the repository, publisher, commit history, and project reputation before downloading anything.
  • Scan downloaded archives and extracted files with reputable security tools.
  • If a project is obscure, newly created, or promoted through cracked software, cheats, fake installers, or “free” tools, the risk is significantly higher.
  • If possible, check hashes or official release pages instead of downloading from random mirrors or reposted archives.
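Two of the takeaways above (verify the published hash, and look at what an archive actually contains before extracting it) can be automated. The script below is an added example written for this post; it is not code from the Cyderes or Hackread report and has nothing to do with the actual CGrabber or Direct-Sys samples. It assumes the expected SHA-256 comes from the project's official release page, and the suspicious-extension lists are an illustrative starting point, not a complete policy. The sample ZIP is constructed in memory so the whole thing runs offline.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative lists (assumption: not exhaustive; tune them to what a given
# repository is supposed to ship, e.g. source code and documents).
SUSPICIOUS_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js",
                       ".jse", ".hta", ".lnk", ".ps1", ".dll", ".msi"}
DOCUMENT_SUFFIXES = {"pdf", "txt", "doc", "docx", "xls", "xlsx", "jpg", "png"}
NESTED_ARCHIVES = {".zip", ".rar", ".7z"}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory blob as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def hash_matches(data: bytes, expected_hex: str) -> bool:
    """Compare a download against the checksum published on the release page.

    Tolerates upper-case hex and trailing whitespace copied from a web page.
    """
    return sha256_hex(data) == expected_hex.strip().lower()


def flag_archive_members(zip_bytes: bytes) -> dict:
    """Return {member name: [reasons]} for members that deserve a closer look.

    Only the central directory is read; nothing is extracted or executed.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            path = PurePosixPath(name)
            base = path.name.lower()
            suffix = path.suffix.lower()
            reasons = []

            # 1. Absolute paths or ".." components: a naive extractor would
            #    write outside the target directory ("zip slip").
            if name.startswith("/") or ".." in path.parts:
                reasons.append("path traversal in member name")

            # 2. Executable or script content where source/docs are expected.
            if suffix in SUSPICIOUS_SUFFIXES:
                reasons.append("executable or script member")

            # 3. Names like invoice.pdf.scr rely on "hide known extensions"
            #    to pass as a document.
            parts = base.split(".")
            if (len(parts) >= 3 and parts[-2] in DOCUMENT_SUFFIXES
                    and suffix in SUSPICIOUS_SUFFIXES):
                reasons.append("disguised double extension")

            # 4. Archive-in-archive is a common way to sidestep a shallow scan.
            if suffix in NESTED_ARCHIVES:
                reasons.append("nested archive")

            if reasons:
                findings[name] = reasons
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample for the demo; not a real campaign artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("project/README.md", "# demo project\n")
        zf.writestr("project/src/main.py", "print('hello')\n")
        zf.writestr("project/setup.exe", b"MZ\x90\x00")        # fake PE header
        zf.writestr("project/invoice.pdf.scr", b"MZ\x90\x00")  # fake PE header
        zf.writestr("project/payload.zip", b"PK\x03\x04")      # fake nested zip
        zf.writestr("../escape.txt", "outside the extraction dir\n")
    return buf.getvalue()


if __name__ == "__main__":
    archive = build_sample_archive()
    # In practice, compare this against the hash on the official release page.
    print("sha256:", sha256_hex(archive))
    for member, reasons in flag_archive_members(archive).items():
        print(f"{member}: {', '.join(reasons)}")
```

Running it lists `setup.exe`, `invoice.pdf.scr`, `payload.zip` and `../escape.txt` with their reasons while the README and Python source pass silently. A hit is a reason to stop and look, not a verdict; many legitimate releases ship installers. The point is that the review happens before anything is extracted or run, which is exactly the step the campaign relies on users skipping.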

Limits

I cannot verify the full technical details of the campaign from the quoted excerpt alone, so the safest approach is to treat this as a credible warning signal rather than a complete malware analysis.

Conclusion

The main lesson is simple: trusted platforms do not guarantee trusted files. GitHub can be abused like any other file-hosting service, so downloads should still be verified and scanned before execution.
Thanks! TTPs and IOCs match with Torggrabber.