INSUBCONTINENT EXCLUSIVE:
for distributing an assortment of malicious software to targets. The use of GitHub gave the malware-as-a-service (MaaS) a reliable means of file hosting: downloading files from a GitHub repository may bypass Web filtering that is not configured to block GitHub, and organizations with software development teams require GitHub access in some capacity.
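The filtering gap described above (an allowlisted GitHub becoming a payload host) is easier to reason about with a concrete check. The following is an added example, not code from the article or from Talos: a small Python routine that scans proxy log lines for successful downloads of executable, script or archive content from GitHub's file-serving hosts. The log format is a constructed, simplified whitespace-separated layout; the host list, extension list and MIME-type list are assumptions chosen for the example and would be tuned to a real environment.

```python
import re
from urllib.parse import urlparse

# Assumed set of hosts that serve GitHub-hosted file content: the web UI host
# (release download redirects) plus the raw-file and release-asset CDNs.
GITHUB_FILE_HOSTS = {
    "github.com",
    "raw.githubusercontent.com",
    "objects.githubusercontent.com",
    "codeload.github.com",
}

# Extensions and MIME types that indicate an executable, script or archive
# rather than source code or documentation (assumed, example values).
RISKY_EXTENSIONS = {".exe", ".dll", ".msi", ".scr", ".ps1", ".vbs", ".js", ".hta",
                    ".bat", ".cmd", ".lnk", ".zip", ".rar", ".7z", ".iso"}
RISKY_CONTENT_TYPES = {"application/octet-stream", "application/x-msdownload",
                       "application/x-dosexec", "application/zip",
                       "application/x-rar-compressed", "application/x-7z-compressed"}

# Constructed sample proxy log, simplified format:
#   <epoch> <client_ip> <status> <bytes> <method> <url> <content-type>
SAMPLE_LOG = """\
1720000001 10.0.0.5 200 51234 GET https://github.com/example-org/app/pull/42 text/html
1720000002 10.0.0.7 200 812345 GET https://raw.githubusercontent.com/someuser/repo/main/update.exe application/octet-stream
1720000003 10.0.0.9 200 4321 GET https://api.github.com/repos/example-org/app/commits application/json
1720000004 10.0.0.7 200 2345678 GET https://github.com/someuser/repo/releases/download/v1.0/bundle.zip application/zip
1720000005 10.0.0.5 200 1200 GET https://raw.githubusercontent.com/example-org/app/main/README.md text/plain
1720000006 10.0.0.8 200 998877 GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/1/2?X-Amz-Expires=300 application/octet-stream
1720000007 10.0.0.8 404 512 GET https://raw.githubusercontent.com/someuser/repo/main/loader.ps1 text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<ctype>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def is_github_file_host(url):
    """True if the URL's host is one of the GitHub file-serving hosts."""
    host = (urlparse(url).hostname or "").lower()
    return host in GITHUB_FILE_HOSTS


def looks_like_payload(url, content_type):
    """True if the path extension or the MIME type indicates binary/script content.

    The query string is excluded so signed CDN URLs (?X-Amz-...) do not
    confuse the extension check; release-asset URLs often carry no extension
    at all, which is why the Content-Type is checked as well.
    """
    path = urlparse(url).path.lower()
    last_segment = path.rsplit("/", 1)[-1]
    ext = last_segment[last_segment.rfind("."):] if "." in last_segment else ""
    ctype = content_type.split(";")[0].strip().lower()
    return ext in RISKY_EXTENSIONS or ctype in RISKY_CONTENT_TYPES


def flag_github_downloads(log_text):
    """Return a list of successful GitHub-hosted downloads of risky content."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not 200 <= rec["status"] < 300:
            continue  # nothing was delivered; a failed fetch is not a download
        if not is_github_file_host(rec["url"]):
            continue
        if looks_like_payload(rec["url"], rec["ctype"]):
            hits.append({"client": rec["client"], "url": rec["url"],
                         "ctype": rec["ctype"], "bytes": rec["bytes"]})
    return hits


if __name__ == "__main__":
    for hit in flag_github_downloads(SAMPLE_LOG):
        print(f'{hit["client"]} fetched {hit["bytes"]} bytes ({hit["ctype"]}) from {hit["url"]}')
```

Run against the constructed log, this flags three of the seven lines: the raw-hosted `.exe`, the release `.zip`, and the extension-less release asset served as `application/octet-stream`. The pull-request page, the API call, the README and the 404 are left alone. In practice the output would feed a review queue or an alert keyed on client hosts that are not expected to pull binaries from GitHub at all.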
said had been ongoing since February, used a previously known malware loader tracked under names including Emmenhtal and PeakLight. The loader had appeared in a separate campaign that embedded it into malicious emails to distribute malware to Ukrainian entities. Talos found the same Emmenhtal variant in the MaaS operation, only this time the loader was distributed through GitHub.

The campaign using GitHub was different from the one targeting Ukrainian entities in another key way. Whereas the final payload in the one targeting the Ukrainian entities was a malicious backdoor known as SmokeLoader, the GitHub one installed Amadey, a separate malware platform. Amadey was first seen in 2018 and was initially used to assemble botnets. Talos said the primary function of Amadey is to collect system information from infected devices and download a set of secondary payloads that are customized to their individual characteristics, based on the specific purpose of different campaigns.