Researchers discover 3,000 fake GitHub accounts spreading malware

Check Point researchers have discovered a network of 3,000 malicious accounts on GitHub spreading malware. The first accounts that are part of the “Stargazers Ghost Network” likely existed as early as August 2022.

According to Check Point researcher Antonis Terefos, the group behind the network managed to make the pages on GitHub look real. The repositories claimed, among other things, to provide code for running VPNs or licensing Adobe Photoshop. In reality, they were associated with ransomware and malware, including Atlantida Stealer, Rhadamanthys, and Lumma Stealer.

Check Point calls the network the Stargazers Ghost Network, named after one of the first accounts discovered by researchers. The group behind the network charges hackers who use its services, which is why it is referred to as Distribution as a Service (DaaS).

The GitHub operation was discovered by Check Point due to an advertisement on the dark web. During the period that Check Point monitored Stargazer Goblin’s advertising campaigns, from mid-May to mid-June 2024, it is estimated that the network earned around $8,000. Over the lifetime of the network, this amount could be around $100,000.

GitHub has now taken action against the fake accounts, according to Wired. Earlier this year, researchers from security firm Apiiro also revealed that the platform is riddled with malicious repositories. The platform has over 100 million users and over 400 million repositories, making it an attractive target for cybercriminals.
