‘Water Curse’ Targets Infosec Pros Via Poisoned GitHub Repositories www.darkreading.com/cyberatta…

The emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware.

A newly identified threat group has weaponized GitHub repositories offering what appear to be legitimate pen-testing and other security tools to deliver malware via malicious build scripts and project files. The campaign threatens the supply chain, particularly cybersecurity professionals, game developers, and DevOps teams that rely on open source tooling.

Researchers from Trend Micro discovered the activity, which they believe is the work of an emerging group they track as “Water Curse,” according to a blog post published today. The multistage malware contained in the repositories has a range of capabilities, including exfiltration of credentials, browser data, and session tokens, as well as remote access and long-term persistence on infected systems.
