Ransomware is a rather popular form of malware. Once it gains access to a machine, it locks the user out and demands money to restore the machine’s normal functionality. Criminals have found a new way to entice users into installing ransomware: hosting their malware on SourceForge and GitHub pages.
The authors of this ransomware are using the Stamp EK exploit kit to infect victim machines. The use of GitHub is quite worrying, because malware hosted on a legitimate website is hard to discern and root out.
When users enter the query ‘fake nude pics’ together with ‘site:github.com’, any search engine returns many links, most of which take users to a page hosting the ransomware. Once a user clicks a link, he or she lands on that page, which may contain pornography or a range of other fake-branded material.
As the user visits the website, the ransomware is installed on his or her machine. Eventually, the ransomware locks the user out of the machine, claiming that he or she has been viewing ‘illegal pornography’ or displaying a similar message, and then demands a payment of $300 to restore access.
Normally, access can be restored by cleaning the computer, but many users fall for the trap. SourceForge has said that it is well aware of the issue and is actively trying to root out the problem. According to a spokesperson for the website:
“We would like to state that no malware in this instance was hosted on SourceForge. Second, we are working to make sure these links are removed from any search engines or other online reference points in every effort to spare other potential victims of the threat. Our mission at SourceForge is to be the trusted name in open source software. We work with our community of open source developers and users to host and distribute hundreds of thousands of software projects every day. We will continue to work on this issue until it is fully resolved and will do everything in our power to make sure we remain true to our mission.”
Source: GFI Labs