ڈیولپرز پر حملہ کرنے کے لیے مالویئر کلون شدہ GitHub ریپوزٹریز

ہزاروں کی تعداد میں GitHub کے repositories have been copied, and the clones include malware, as a software engineer by the name of Stephen Lacy has been able to verify. He calculates that there are 35,000 cloned repositories.

While the cloning of open source repositories is a common development practice, in this case, it involves threat actors creating copies of legitimate projects but contaminating them with malcious code to target unsuspecting developers with these clones.

GitHub has said that it has already removed most of the malicious repositories after receiving the engineers’ report, although there is no concrete number.

This Was The Discovery

The thousands of affected projects are copies or clones of legitimate projects allegedly created by threat actors to introduce میلویئر This means that official projects such as crypto, golang, python, js, bash, docker, and k8s have not been affected, but a developer can come across a copy without knowing what it is.

The engineer who raised the alarm reviewed an open source project that Lacy had “found on a Google search” and saw the following URL in the code she shared on Twitter.

میں اس بات کا پردہ فاش کر رہا ہوں جس پر بڑے پیمانے پر میلویئر حملہ لگتا ہے۔ github.

- فی الحال 35k سے زیادہ ذخیرے متاثر ہیں۔
- اب تک پراجیکٹس میں پایا گیا ہے بشمول: کرپٹو، گولانگ، ازگر، جے ایس، باش، ڈوکر، کے 8 ایس
- اسے این پی ایم اسکرپٹس، ڈوکر امیجز اور انسٹال دستاویزات میں شامل کیا جاتا ہے۔ pic.twitter.com/rq3CBDw3r9

— سٹیفن لیسی (@stephenlacy) اگست 3، 2022

Developer James Tucker pointed out that the cloned repositories containing the malicious URL contained a one-line backdoor. These threats can give threat actors vital secrets such as your API keys, tokens, Amazon AWS credentials, and cryptographic keys.