Thousands of GitHub repositories have been copied, and the clones include malware, as a software engineer named Stephen Lacy has been able to verify. He calculates that there are 35,000 cloned repositories.
While cloning open source repositories is a common development practice, in this case threat actors created copies of legitimate projects and contaminated them with malicious code to target unsuspecting developers.
GitHub has said that it has already removed most of the malicious repositories after receiving the engineer’s report, although there is no concrete number.
This Was The Discovery
The thousands of affected projects are copies or clones of legitimate projects allegedly created by threat actors to introduce malware. This means that official projects such as crypto, golang, python, js, bash, docker, and k8s have not been affected, but a developer can come across a copy without knowing what it is.
The engineer who raised the alarm was reviewing an open source project that Lacy had “found on a Google search” and saw the following URL in the code, which Lacy shared on Twitter.
I am uncovering what seems to be a massive and widespread malware attack on @github.
– Currently more than 35 repositories are infected
– So far found in projects including: crypto, golang, python, js, bash, docker, k8s
– It is added to npm scripts, docker images and install docs pic.twitter.com/rq3CBDw3r9 — Stephen Lacy (@stephenlacy) August 3, 2022
Developer James Tucker pointed out that the cloned repositories containing the malicious URL contained a one-line backdoor. These threats can give threat actors vital secrets such as your API keys, tokens, Amazon AWS credentials, and cryptographic keys.