GitHub users are being targeted with malicious (opens in new tab) copies of legitimate repositories, a cybersecurity researcher recently uncovered.
Preying on developers who are either short on time, reckless, or just overworked, someone has been copying official GitHub projects such as crypto, golang, python, js, bash, docker, k8s, giving them names similar to the original projects, and slightly altering them in a way that they contain malicious code.
The cunning plan was first spotted by software developer Stephen Lacy, who after reviewing one open source project, noticed a malicious URL hidden within. A quick search through GitHub soon established that more than 35,000 repositories carried the same URL.
Original repositories intact
Another developer, James Tucker, further found the repositories were designed to siphon user environment variables, steal API keys, tokens, crypto keys, but also execute arbitrary code on affected endpoints (opens in new tab).
This kind of information can be used in identity theft attacks or ransomware (opens in new tab) campaigns.
GitHub has since removed the malicious repositories and issued a short statement via Twitter, saying: “GitHub is investigating the Tweet published Wed, Aug. 3, 2022. No repositories were compromised. Malicious code was posted to cloned repositories, not the repositories themselves. The clones were quarantined and there was no evident compromise of GitHub or maintainer accounts.”
While the majority of malicious code changes were made in the last couple of months, with some found to be dating back seven years.
GitHub is one of the biggest open source code repositories in the world, and as such, frequently targeted. Developers are advised to always be extra careful when pulling code from the platform, to pay attention to potential typosquats or repository copies, clones, or forks.
One way to make sure they’re looking at the legitimate code is to look for code commits signed with GPG keys of the project’s authors, the publication concludes.
Via: BleepingComputer (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba