Crypto threat: Malware infiltrates Github by cloning thousands of Repos

[ad_1]

Developer platform Github has been inundated with malware that has infiltrated tens of thousands of repositories.

Up to 35,000 Github repositories have been cloned with malware according to a security researcher.

The widespread malware attack did not specifically target crypto repositories (repos), but they were among those affected.

Software engineer Stephen Lacy notified the crypto community of the hack on August 3.

I’m uncovering what appears to be a massive widespread malware attack @github.

– Currently over 35,000 repositories are infected
– So far found in projects like: crypto, golang, python, js, bash, docker, k8s
– Added to npm scripts, docker images and setup docs pic.twitter.com/rq3CBDw3r9

— Stephen Lacy (@stephenlacy) August 3, 2022

Clone Github repositories

Bleeping Computer Tech Portal mentionted that the repos were not hacked, but copied with their clones altered to include the malware. Cloning open source code is a common practice among developers, however, attackers have inserted malicious code and links into legitimate projects to target unsuspecting developers.

Several projects from crypto, Golang, Python, JavaScript, Bash, Docker and Kubernetes have been affected by the attack, the researcher noted.

While reviewing a project he had found from a Google search, the engineer noticed a malicious URL in the code. A Github repositories scan for this URL returned more than 35,000 results.

Bleeping Computer said more than 13,000 search results came from a single repository called “redhat-operator-ecosystem.” The malicious URL “infiltrated a user’s environment variables, but additionally contained a one-line backdoor,” the report added.

These environment variables can contain sensitive data such as API keys, tokens, Amazon AWS credentials, and encryption keys. The malware also allows remote attackers to execute arbitrary code on the systems of anyone who installs and runs the clones.

The majority of the cloned repos had surfaced last month, the report said.

Github confirmed that the original repositories had not been compromised and had cleaned or quarantined the clones.

GitHub is investigating the Tweet posted on Wednesday, August 3, 2022:
* No repositories were compromised
* The malicious code was published in cloned repositories, not the repositories themselves
* Clones were quarantined and there was no apparent compromise of GitHub or maintainer accounts

— GitHub Security (@GitHubSecurity) August 3, 2022

Last month, BeInCrypto reported that a new strain of malware written in Rust was making the rounds. Luca Stealer targets Windows operating systems and steals sensitive information such as crypto wallet information. The malware was also distributed on Github.

Bad week in crypto

DeFi researcher Miles Deutscher pointed out that it hasn’t been a great week in crypto. Earlier this week, the Nomad bridge was hacked for $190 million and a few hours after that, around 8,000 Solana wallets were hacked resulting in the theft of around $8 million.

The last 5 days in crypto:

• $100 million $ONE hack.

• $190 million Nomad bridge hack (4th largest DeFi exploit in history).

• $SOL private key breach (over 8,000 wallets affected);

• GitHub malware attack (35k repositories infected).

— Miles Deutscher (@milesdeutscher) August 3, 2022

Markets appear to remain unaffected as total market capitalization has gained 1.7% on the day to reach $1.12 trillion at the time of writing.

Denial of responsibility

All information contained on our website is published in good faith and for general information purposes only. Any action the reader takes on the information found on our website is strictly at their own risk.

[ad_2]

Source link

Clone Github repositories

Bad week in crypto

Denial of responsibility

Leave a Reply Cancel reply

Related News

You may have missed