According to Palo Alto Networks, attackers have been running a cyberespionage campaign against developers who post to GitHub, using malware called Dimnie. The malware has been spreading through phishing emails that ask for help with coding projects or offer to pay for custom development. The Word document attached to the emails downloads the malware, which can log keystrokes, capture screenshots and more. Dimnie can also eliminate all traces of its presence from your system.
The campaign appears very similar to other recent attacks that have been carried out by nation-states. Experts say developers' systems often hold information that is highly valuable to attackers.