Malicious Github Accounts with gh-fake-analyzer

2024-11-01, Ketman
https://ketman.org/malicious-github-accounts.html
#ContagiousInterview #Lazarus

Contents

Malicious Github Accounts
See INVESTIGATIONS for some high-confidence accounts dumped using the gh-analyze tool.
Additionally, here’s the list of past investigations done with gh-fake-analyzer:
Network of Fake Recruiter and Developer Accounts Linked to Lazarus
Lazarus patterns discovered with gh-fake-analyzer
Disclaimer: The confidence in detecting “malicious” GitHub profiles is low. Many regular user accounts may appear in the analysis files; this does not indicate their participation in any illegal activity. ANYBODY can edit the .git file, and ANYBODY can commit code to GitHub. This tool is intended for reconnaissance purposes only. The information provided here may be incorrect. Please do not make any (baseless) accusations based on this content. All information is sourced from publicly available third-party sources and verified to the best of my ability (only).
It’s possible, to a certain degree, to define some metrics for classifying GitHub profiles as potentially malicious. However, motivated enough attackers can still bypass most of those checks and appear as professional engineers. …