Dimnie Trojan malware spreads via GitHub attacks
Towards the end of March 2017, news broke that attackers were targeting open source developers who use GitHub with an advanced version of the Dimnie Trojan malware.
The Trojan has been dormant for some time, and boasts the ability to steal passwords, download sensitive files, take screenshots and self-destruct when necessary.
Tod Beardsley, Research Director at Rapid7, has since commented on the attacks:
“Certainly, open source developers are an attractive target for malware, especially when they’re working on libraries and utilities that end up on millions of devices worldwide.
The news from Palo Alto is a great reminder that developers who are publishing code, as a class, do need to stay extra vigilant when handling binaries from unknown sources. This vigilance might be at odds with the typical helpfulness that’s common to many open source communities, so while it might be uncomfortable to be less helpful to strangers, developers need to protect their users as well as themselves from these kinds of social engineering attacks.
For me, the most obvious red flag with the described operation is the fact that it relied on a gzipped Microsoft Word document. Anyone getting some_file_name.docx.gz would do well by sending that straight to the trash; Microsoft Word users will rarely, if ever, use gzip — much more of a Linux tool — for compression.
Personally, I tend to do my open source development work on a dedicated Virtual Machine (VM), where I don’t read e-mail. This gives me a little bit extra insulation from attacks like this, and incidentally helps keep my dev environment pristine.”
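The "gzipped Word document" red flag in the quote can be turned into a simple gateway or download-scanner check. The following is an added example, not code from the article, Rapid7 or Palo Alto; the function names and the constructed sample file are this example's own, and it inspects the bytes rather than trusting the filename.

```python
"""Flag gzip-wrapped Office documents such as some_file_name.docx.gz."""
import gzip
import io
import zipfile

GZIP_MAGIC = b"\x1f\x8b"
OFFICE_PART = "[Content_Types].xml"  # present in every OOXML (docx/xlsx/pptx) zip
OFFICE_EXTS = (".docx", ".xlsx", ".pptx", ".docm", ".xlsm", ".pptm")


def inner_is_office_document(data: bytes) -> bool:
    """True if `data` is a zip container carrying the OOXML content-types part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return OFFICE_PART in zf.namelist()
    except zipfile.BadZipFile:
        return False


def is_gzipped_office_doc(filename: str, payload: bytes,
                          max_size: int = 50 * 2**20) -> bool:
    """Flag a gzip stream whose decompressed content is an OOXML document.

    A name like x.docx.gz is flagged on its own; otherwise the bytes decide.
    Decompression is bounded so a decompression bomb cannot exhaust memory.
    """
    lower = filename.lower()
    name_suspicious = lower.endswith(".gz") and lower[:-3].endswith(OFFICE_EXTS)
    if not payload.startswith(GZIP_MAGIC):
        return name_suspicious  # claims .docx.gz but is not gzip: still odd
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(payload)) as gz:
            inner = gz.read(max_size + 1)
    except (OSError, EOFError):
        return name_suspicious  # corrupt gzip: fall back to the name check
    if len(inner) > max_size:
        return True  # oversized decompressed payload: treat as suspicious
    return name_suspicious or inner_is_office_document(inner)


def build_sample_docx_gz() -> bytes:
    """Constructed minimal OOXML-shaped zip, gzip-wrapped, for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(OFFICE_PART, "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return gzip.compress(buf.getvalue())


def build_sample_text_gz() -> bytes:
    """Constructed benign gzip of plain text, for comparison."""
    return gzip.compress(b"release notes\n")
```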