
Someone is putting lots of work into hacking GitHub developers - alphabettsy
https://arstechnica.com/security/2017/03/someone-is-putting-lots-of-work-into-hacking-github-developers/
======
alphabettsy
It's linked in the story, but check out the details:
[http://researchcenter.paloaltonetworks.com/2017/03/unit42-di...](http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/)

------
Cpoll
> each one carried the same malicious .doc file as an attachment (SHA256:
> 6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e). This file
> contained embedded macro code that executed a commonly observed PowerShell
> command to download and execute a file.

What versions of Word are vulnerable to this? Or is it a valid macro and
technically a feature?

As I recall, Start-Process wouldn't trigger any Windows security prompt
(although it might for remote-origin unsigned binaries?).

------
najajomo
'Someone is putting lots of work into hacking GitHub developers' only if they
use Microsoft Windows as their development platform.

~~~
raesene6
For this campaign. It's reasonable to suggest that there could be similar
malware affecting OSX assuming the group have a general target in mind and not
something specific to Windows-using developers...

