Recently, we came across another way to use files from GitHub repositories in malware infections.

This time the infections weren’t via GitHub.io, raw.githubusercontent.com, or github.com///raw/ URLs. The new trick involved a third-party service called RawGit that provides a CDN for GitHub files.

This is the script that we found injected into .js and theme files on infected Drupal and WordPress sites.

Some of the infections were clearly buggy.

Continue reading RawGit CDN is Abused by CryptoLoot Cryptominers at Sucuri Blog.

Via Sucuri.net