Open-source developers who use GitHub are in the cross-hairs of advanced malware that can steal passwords, download sensitive files, take screenshots, and self-destruct when necessary.
Dimnie, as the reconnaissance and espionage trojan is known, has largely flown under the radar for the past three years. It mostly targeted Russians until early this year, when a new campaign took aim at multiple owners of GitHub repositories. One commenter in this thread reported the initial infection e-mail was sent to an address that was used solely for GitHub, and researchers with Palo Alto Networks, the firm that reported the campaign on Tuesday, told Ars they have no evidence it targeted anyone other than GitHub developers.
“Both messages appearing to be hand-crafted, and the reference to today’s data in the attachment file name IMHO hint at a focused campaign explicitly targeting targets perceived as ‘high return investments,’ such as developers (possibly working on popular/open-source projects,)” someone who received two separate infection e-mails reported in the thread.