Watch out for Juicy Potato in the latest Git for Windows version

It is common knowledge that everyone in the GitHub community has used Git.

If you are not from the GitHub community, a few words of explanation follow.

Git is open-source software for tracking changes to any set of files or code. This content tracker is used to coordinate the work of developers working together to create source code during software development. The main goals include speed, data integrity and managing distributed, non-linear workflows. Git simply allows users to track all code changes and also manage their projects by using simple commands.

But have you heard about Juicy Potato?

If you have not, Juicy Potato is a weaponized version of RottenPotatoNG, which is basically a Windows privilege-escalation hacking tool.

The Juicy Potato hacking tool is a popular exploit used in various attacks by many threat agents. It is primarily run on targeted machines to obtain higher privilege levels so that the attacker can achieve their goals. News and updates about this tool have been appearing since the fourth quarter of 2018.

But what do GitHub and Juicy Potato have in common?

The latest Cybergamp research shows that some activity flagged as malicious may be detected when the Git application for Windows is trying to upgrade itself. The newest version (which is malicious) contains a file named Win32/Graphez!cl, a component of the notorious hacking tool Juicy Potato. 

We fetched information about the attempted malicious version of the software. The path is described below:

Our security measures successfully detected, blocked and quarantined the malicious components. Although in our client's case the malware was isolated before it had any impact, spreading information about such a high risk of malicious activity is crucial for the Git community.

If you want to know more, do not hesitate to reach out to us via social media.
