Caution: Widespread Malware Clone Crypto Code Hits File Available on GitHub


A recent report claims there is a widespread malware attack on GitHub that has affected over 35,000 code hits, including:

  • Crypto 
  • GoLang
  • Python
  • JS
  • Bash
  • Docker
  • K8s 

The malware is reportedly added to npm scripts, Docker images and install docs. Because it is present in install docs, a user who downloads the installation files for desktop or mobile from GitHub ends up downloading the infected file.

However, recent claims suggest that the attackers created copies that do not affect the original file published by the original author; instead, they create an alternative that can confuse users downloading files.

How it Works

This attack sends the ENTIRE ENV of the script, application, and laptop (Electron apps) to the attacker’s server when downloaded. These ENVs include:

  • Security Keys
  • AWS access keys
  • Crypto Keys (including private keys and seed phrase).

The attacker creates fake organisations/repositories and pushes clones of legitimate projects to GitHub. A user who visits GitHub then ends up downloading the clone instead of the original file, and the original author gets the blame rather than the attacker.

Once the file is downloaded, the attacker runs arbitrary code on your server and uploads your env.

Caution: Users are advised to always use the correct link from the originating author on GitHub before downloading any file.
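
Since the malware is reportedly added to npm scripts and uploads the environment, one check before running `npm install` on a downloaded project is to list the install-time hooks in its package.json that call a network client or read the environment. This is an added example, not code from the report or from any affected project; the hook list, the patterns and the sample package.json are assumptions constructed for illustration.

```javascript
// Hooks that npm runs automatically during `npm install`, without further user action.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Heuristic patterns (assumptions for this example, not signatures from the report).
const RULES = [
  // A command-line network client or a hard-coded URL inside an install hook.
  { id: "network-client", re: /\b(?:curl|wget|nc|ncat)\b|https?:\/\// },
  // Reads the whole environment: `env`, `printenv`, or process.env in inline JS.
  // The lookarounds skip `cross-env` and `.env` file names.
  { id: "reads-environment", re: /(?<![\w.-])(?:printenv|env)(?![\w-])|process\.env\b/ },
  // Inline code passed to an interpreter, which hides logic from a quick read.
  { id: "inline-interpreter", re: /\b(?:node\s+-e|python3?\s+-c|bash\s+-c|sh\s+-c)\b/ },
];

// Returns one finding per install hook that matches at least one rule.
function auditInstallHooks(packageJsonText) {
  const scripts = JSON.parse(packageJsonText).scripts || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string") continue;
    const reasons = RULES.filter((r) => r.re.test(cmd)).map((r) => r.id);
    if (reasons.length > 0) findings.push({ hook, cmd, reasons });
  }
  return findings;
}

// Constructed sample input; the names and the .invalid host are made up.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "constructed-sample",
  scripts: {
    test: "jest",                         // not an install hook, ignored
    build: "tsc -p .",                    // not an install hook, ignored
    preinstall: "printenv > .build-info", // reads the environment
    postinstall: "node scripts/setup.js && curl -s https://collector.invalid/hook",
  },
});

for (const f of auditInstallHooks(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.hook}: ${f.reasons.join(", ")} -> ${f.cmd}`);
}
```

A finding is a prompt to read the hook and the files it calls before installing, not proof of compromise; `npm install --ignore-scripts` installs without running these hooks at all.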

