Hey there! In this blog, we look into a #rust-lang based #infostealer for Windows, which exfiltrates credentials to a publicly forwarded port on an attacker-controlled #GitHub #Codespace.

https://bit.ly/ghcs-infostealer

In January, we (with @magnologan) predicted such abuse:

https://bit.ly/ghcs-abuse

#infosec #malware #cybersecurity

Rust-Based Info Stealers Abuse GitHub Codespaces

This is the first part of our security analysis of an information stealer targeting GitHub Actions (GHA) and GitHub Codespaces (CS), discussing how attackers can abuse these cloud services for a variety of malicious activities.

Trend Micro