A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered that this same approach is being used to push binary “info stealing” malware to Windows computers.

Infected Magento Sites

Recently, we identified hundreds of infected Magento sites with the following injected script:

<script type="text/javascript" src="https://bit.wo[.]tc/js/lib/js.js“>

The contents of the js.js file included:

This code creates a hidden div and after a short delay displays a fake Flash Player update banner above the normal site content.

Continue reading GitHub Hosts Lokibot Infostealer at Sucuri Blog.

Via Sucuri.net