top of page
ad cnp.png

GitHub Faces Widespread Malware Attack And Reports 35,000 “Code Hits” Including Crypto

GitHub, the major developer platform, has faced a widespread malware attack and reported 35,000 “code hits” on a day that saw thousands of Solana-based wallets drained for millions of dollars.

It has been reported that the widespread attack was highlighted by GitHub developer Stephen Lucy, who first reported the incident earlier on Wednesday. The developer came across the issue while reviewing a project he found on a Google search.

However, so far, various projects, from crypto, Golang, Python, JavaScript, Bash, Docker and Kubernetes, have been found to be affected by the attack. The malware attack is targeted at the docker images, install docs and NPM script, which is a convenient way to bundle common shell commands for a project.

The report said that to dupe developers and access critical data, the attacker first creates a fake repository (a repository contains all of the project’s files and each file’s revision history) and pushes clones of legit projects to GitHub.

Likewise, many of these clone repositories were pushed as “pull requests,” which let developers tell others about changes they have pushed to a branch in a repository on GitHub. Once the developer falls prey to the malware attack, the entire environment variable (ENV) of the script, application or laptop (Electron apps) is sent to the attacker’s server.

The ENV includes security keys, Amazon Web Services access keys, crypto keys and much more. The developer has reported the issue to GitHub and advised developers to GPG-sign their revisions made to the repository.

Thus, GPG keys add an extra layer of security to GitHub accounts and software projects by providing a way of verifying all revisions come from a trusted source.

Source: Cointelegraph




bottom of page