GitHub faces widespread malware attacks affecting projects, including crypto

The developer who found the vulnerability asked developers to sign their commits with a GPG key so that all of their commits to a project can be verified.

GitHub, the leading developer platform, faced a widespread malware attack and reported 35,000 "code hits" on a day that also saw thousands of Solana-based wallets drained for millions of dollars.

The widespread attack was highlighted by GitHub developer Stephen Lacy, who first reported the incident on Wednesday. The developer encountered the issue while reviewing a project he had found through a Google search.

I discovered what appears to be a massive, widespread malware attack on @github.

- Currently over 35,000 repositories are infected
- So far found in projects such as: crypto, golang, python, js, bash, docker, k8s
- It is added to npm scripts, docker images and to installation documents

pic.twitter.com/rq3CBDw3r9

— Stephen Lacy (@stephenlacy) August 3, 2022

So far, various projects (crypto, Golang, Python, JavaScript, Bash, Docker, and Kubernetes) have been affected by the attack. The malware targets Docker images, installation documents, and npm scripts, which are a convenient way to bundle common shell commands for a project.

To trick developers and gain access to critical data, the attacker first creates a fake repository (a repository contains all project files and the revision history of each file) and pushes clones of legitimate projects to GitHub. For example, the following two snapshots show a legitimate crypto-miner project and its clone.

Original crypto mining project. Source: GitHub

Cloned crypto mining project. Source: GitHub

Many of these clone repositories were pushed as "pull requests", allowing developers to tell others about them.
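Signing commits with a GPG key, as recommended above, only helps if the signatures are checked before a clone is trusted. The following shell functions are an added example, not code from the article or from GitHub: they read Git's real `%G?` signature-status placeholder and flag every commit that lacks a good signature. The function names, the trusted/review/reject policy and the sample log lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the article): flag commits Git cannot verify.
# Status letters are the %G? placeholder values documented in git-log(1):
#   G good   B bad   U good, unknown validity   X good, signature expired
#   Y good, key expired   R good, key revoked   E cannot check   N unsigned

# classify_sig CODE -> trusted | review | reject  (policy is an assumption)
classify_sig() {
  case "$1" in
    G) echo trusted ;;
    U|X|Y|E) echo review ;;   # signed, but a human has to decide
    *) echo reject ;;         # N, B, R or anything unexpected
  esac
}

# flag_untrusted: read "<code> <hash> <author-email>" lines on stdin and
# print "<verdict> <code> <hash> <email>" for every commit that is not trusted.
flag_untrusted() {
  while read -r code hash email; do
    [ -n "$code" ] || continue          # skip blank lines (empty range)
    verdict=$(classify_sig "$code")
    if [ "$verdict" != trusted ]; then
      printf '%s %s %s %s\n' "$verdict" "$code" "$hash" "$email"
    fi
  done
}

# audit_commits REPO [RANGE]
# Returns 0 if every commit is trusted, 1 if findings were printed,
# 2 if git itself failed (not a repository, bad range, git missing).
audit_commits() {
  log=$(git -C "$1" log --format='%G? %H %ae' "${2:-HEAD}") || return 2
  findings=$(printf '%s\n' "$log" | flag_untrusted)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample in the same "%G? %H %ae" layout; hashes are made up.
sample_log() {
  cat <<'EOF'
G 1111111111111111111111111111111111111111 maintainer@example.org
N 2222222222222222222222222222222222222222 maintainer@example.org
E 3333333333333333333333333333333333333333 unknown@example.net
B 4444444444444444444444444444444444444444 maintainer@example.org
EOF
}
```

After sourcing the file, `audit_commits /path/to/clone` checks the whole history of a clone. A result of `E` usually means the signer's public key is not in the local keyring, so import the maintainers' keys before treating it as a finding.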
