But what exactly do they do? Hackers are sneaking encrypted payloads into content that, on paper, is legitimate. They use platforms like GitHub, and they hide the payloads in user profiles on forums and news sites, as well as in video descriptions on streaming platforms.
Malicious payload leaked
Hackers sneak in a malicious payload without raising suspicion. They do this by using fake profile links on forums, video descriptions on certain platforms, or news pages. The payload does not pose a direct threat to someone who merely visits that website; the threat arises when some content is downloaded.
Furthermore, using well-known pages can give a greater feeling of security. The victim does not believe that they are dealing with something malicious, and antivirus products will not sound the alarm when these websites are visited.
This attack begins when the victim double-clicks a malicious LNK shortcut file. From there, it runs a PowerShell script, explorer.ps1, which in turn downloads a payload that decodes a URL used to download and install the malware. These encrypted text files are posted on sites like GitHub and GitLab.
Subsequently, this attack, which uses the EMPTYSPACE malware, downloads a backdoor as well as cryptocurrency miners that mine Monero, Ethereum, Dogecoin, and Bitcoin. It can also infect USB drives and distribute malware, take screenshots, or collect information of all kinds.
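The chain above starts with an LNK shortcut that launches a PowerShell script, so one practical check is to list shortcuts whose target is a script interpreter before anyone double-clicks them. The following is an added example, not code from the campaign or from any vendor; the default drive letter `E:\` and the interpreter list are assumptions to adjust for your environment.

```powershell
# Added example: audit .lnk files and loose .ps1 scripts under a folder or drive.
# Assumption: E:\ is the removable drive to inspect; pass -Root to change it.
param([string]$Root = 'E:\')

# WScript.Shell can read a shortcut's target and arguments without running it.
$shell = New-Object -ComObject WScript.Shell

# Assumption: interpreters an ordinary document or folder shortcut should not start.
$interpreters = 'powershell.exe', 'pwsh.exe', 'cmd.exe',
                'wscript.exe', 'cscript.exe', 'mshta.exe'

# -Force includes hidden files, which is how such shortcuts are often stored.
$shortcuts = Get-ChildItem -LiteralPath $Root -Filter *.lnk -Recurse -Force `
                 -ErrorAction SilentlyContinue

$findings = foreach ($file in $shortcuts) {
    $lnk = $shell.CreateShortcut($file.FullName)
    $targetName = if ($lnk.TargetPath) { Split-Path -Leaf $lnk.TargetPath } else { '' }

    $reasons = @()
    if ($interpreters -contains $targetName) {
        $reasons += "target is $targetName"
    }
    if ($lnk.Arguments -match '\.ps1\b') {
        $reasons += 'arguments reference a .ps1 script'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Shortcut  = $file.FullName
            Target    = $lnk.TargetPath
            Arguments = $lnk.Arguments
            Reasons   = $reasons -join '; '
        }
    }
}

# Loose PowerShell scripts on the same drive (the page names explorer.ps1).
$scripts = Get-ChildItem -LiteralPath $Root -Filter *.ps1 -Recurse -Force `
               -ErrorAction SilentlyContinue | Select-Object FullName, Length, LastWriteTime

$findings | Format-List
$scripts  | Format-Table -AutoSize
```

A flagged shortcut is a lead to investigate, not proof of infection; legitimate administrative shortcuts can also point at these interpreters.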
Protect yourself from these attacks
What can you do to protect yourself from attacks of this type? Without a doubt, the main thing is not to make mistakes. You should not download any files from links that you cannot trust 100%, much less install any software. It could be a trap: malware that also spreads to your pendrive and to another device.
Although this case does not involve exploiting a vulnerability, there are other threats that take advantage of known flaws. Therefore, it is advisable to keep the system updated at all times. This will help you avoid many cybersecurity problems and keep your computer as protected as possible.
On the other hand, it is advisable to always have a good antivirus. Using security software can save you from many problems. Of course, make sure that the one you install is trustworthy. You should read comments and ratings from other users so that you choose an option that really makes a positive contribution.
In short, we are facing a new threat capable of sneaking malware onto a pendrive or any drive you connect to your computer. It is essential that you take measures and protect yourself correctly. You must protect the browser, your system, and any program you use.