Watch the stream
A new era of malware distribution is here, where “ghost”/bot accounts spread malicious links across multiple platforms. The Ghost Network is a sophisticated operation that uses fake and compromised accounts to act in a legitimate way while spreading and promoting malware. The first discovered Ghost Network operates on GitHub. The operator behind Stargazers Ghost Network controls over 30,000 GitHub accounts, driving rapid infections and generating significant profits in a remarkably short period. What makes this operation particularly dangerous is its ability to bypass platform defenses, minimizing the impact of any countermeasures imposed by GitHub. The continuous activity and low downtime of the distribution process allow the malware campaign to persist with little interruption. The great success of the original GitHub-based Ghost Network has spurred its expansion to multiple other popular online platforms, significantly broadening the reach of this insidious malware distribution method and making it harder to contain.
Antonis Terefos Malware Reverse Engineer, Check Point Software Technologies
Antonis Terefos is a malware reverse engineer at Check Point Research with experience in the cyber threat landscape. He specializes in dissecting and analyzing malicious software to uncover hidden threats within the ever-evolving cyber threat landscape. In addition to his professional work, Antonis enjoys testing malware command-and-control (C2) infrastructures in his spare time. By exploring these C2 systems, he gains valuable insights into the strategies and tactics employed by threat actors, enriching his overall understanding of the adversarial landscape.