Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver


A previously unknown custom malware called Drokbk, which leverages GitHub as a dead drop resolver to exfiltrate data from an infected machine or to accept orders, has been linked to the Nemesis Kitten subgroup of an Iranian nation-state group.

Rafe Pilling, chief researcher at Secureworks, claimed that the malware blends in better because of its use of GitHub as a “virtual dead drop.” “Since GitHub only accepts encrypted traffic, no information is transferred back and forth that defensive systems can decrypt. Additionally, GitHub raises fewer concerns because it is a reputable service.”

