Data-Stealing Malware ‘Dimnie’ Targeting Developers on Github

March 31st, 2017 Ali Raza Security, Malware 0 comments

A new series of malware attacks has occurred, and this time the targets are the owners of GitHub repositories. Developers who own these repositories were targeted with phishing emails carrying malware capable of stealing data through a keylogger and modules that take screenshots.

In January 2017, several developers with GitHub repositories received emails posing as job offers, with malicious .doc attachments containing an embedded macro. The macro executed a PowerShell command that downloaded the malware from the command and control server and executed it.

Hey. I found your software is online. Can you write the code for my project? Terms of reference attached below. The price shall discuss, if you can make. Answer please.

And…

Hello,

My name is Adam Buchbinder, I saw your GitHub repo and I’m pretty amazed. The point is that I have an open position in my company and looks like you are a good fit.

Please take a look into attachment to find details about company and job. Don’t hesitate to contact me directly via email highlighted in the document below.

Thanks and regards,
Adam.

It has been discovered that the binary dropped during the attack is called Dimnie and had been circulating since 2014, targeting Russian-speaking individuals. The reasons behind this attack are still unknown, although it is suspected that the attackers were after one or more of the projects hosted on the platform. The researchers said that these projects would be an attractive target for both cybercriminals and nation-state attackers.

Senior threat researcher Brandon Levene said that the malware is a relatively unknown threat outside the Russian-speaking world, which is why it took them by surprise. Stealth is Dimnie's specialty: it disguises its HTTP requests to the command and control infrastructure as GET requests to a defunct Google service, Google PageRank.

According to Levene, the deception works like this: a DNS lookup precedes the GET request, but the IP address returned by that lookup is not the real destination of the follow-up HTTP request, which is sent to a different server altogether.

Palo Alto reports that “Sending the request to an entirely different server is not complicated to achieve, but how many analysts would simply see a DNS request with no [apparent] related subsequent traffic? That is precisely what Dimnie is relying upon to evade detections.”

What this means is that Dimnie tries to make its traffic look regular and legitimate, which is harder to achieve given the kind of data it is usually moving off the victim's device.
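The detection gap Levene describes is a DNS answer that is never followed by traffic to the resolved address, while the real HTTP request goes elsewhere. The following is an added example (not code from the article or from Palo Alto) that correlates constructed DNS and HTTP log lines and flags HTTP requests whose destination IP was not returned by a recent DNS answer for the same host name; the host names, IPs and log format are all made up for the example.

```python
"""Flag HTTP requests whose destination IP was never a DNS answer for the
requested host (the DNS/HTTP mismatch pattern described above)."""
from collections import defaultdict

# Constructed sample log (not a real capture). Line format:
#   "<ts> DNS <queried_name> <answer_ip>"  or  "<ts> HTTP <host_header> <dest_ip>"
# The second HTTP line mimics the evasion: the name resolved to one IP,
# but the request was sent to a completely different server.
SAMPLE_LOG = """\
100 DNS pagerank.example.com 192.0.2.10
101 HTTP pagerank.example.com 192.0.2.10
200 DNS pagerank.example.com 192.0.2.10
201 HTTP pagerank.example.com 203.0.113.7
300 HTTP updates.example.net 198.51.100.9
"""


def parse(log):
    """Turn the constructed log into (ts, kind, name, ip) tuples."""
    events = []
    for line in log.splitlines():
        ts, kind, name, ip = line.split()
        events.append((float(ts), kind, name, ip))
    return events


def find_mismatches(events, window=300.0):
    """Return alerts for HTTP events whose destination IP was not returned by
    a DNS answer for the same name within `window` seconds beforehand."""
    answers = defaultdict(list)  # name -> [(ts, answer_ip), ...]
    alerts = []
    for ts, kind, name, ip in sorted(events):
        if kind == "DNS":
            answers[name].append((ts, ip))
        elif kind == "HTTP":
            resolved = {a_ip for a_ts, a_ip in answers[name]
                        if ts - window <= a_ts <= ts}
            if ip not in resolved:
                reason = ("no DNS answer" if not resolved
                          else "dest IP differs from DNS answer")
                alerts.append({"ts": ts, "host": name,
                               "dest_ip": ip, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in find_mismatches(parse(SAMPLE_LOG)):
        print(alert)
```

Cached resolutions and direct-to-IP connections will also trip this check, so in practice the window and an allowlist of known-good destinations need tuning before the alerts are useful.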


A new practice observed in the more recent attacks is that the payloads leave no artifacts on the hard drive and are instead injected directly into memory. Several modules have been discovered, including ones that extract system data, enumerate running processes, log keystrokes and take screenshots, and even a self-destruct module that deletes all files on the drive.

Despite the attack being uncovered, Levene stated that the command and control infrastructure is still operating and that Dimnie continues to be used against Russian speakers.

Ali Raza
Ali Raza is a freelance journalist with extensive experience in marketing and management. His work has been featured in many major crypto and tech websites including Hacked, Hackread, ValueWalk, Cryptoslate, CCN, and Globlecoinreport to name a few. Raza is the co-founder of 5Gist.com, too, a site dedicated to educating people on 5G technology.