
Silent infiltration: the malicious code epidemic on GitHub

Impact of malicious code in repositories: security risks in software development

Cybercriminals have cloned over 100,000 GitHub repositories, inserting malware that steals sensitive data. They use deceptive forks and sophisticated techniques to hide malicious code.


Recent investigations by the cybersecurity firm Apiiro revealed an extensive compromise of repositories on GitHub. The software development hosting platform was targeted by cybercriminals who replicated and modified over 100,000 repositories with malicious code. The campaign, initially detected on PyPI, spread quickly by exploiting the mass cloning of repositories already in circulation, which increased the extent of the damage.

Deception strategies and malicious forks

The authors of this malware campaign disguise their creations as legitimate copies of authentic GitHub repositories, using the same names. The malware is inserted into the original code, and the infected copy is then forked over and over, so the infection chain keeps propagating. With compromised repositories in wide circulation, large numbers of package developers and users have unknowingly downloaded and executed malicious payloads under the guise of genuine software.

Harmful effects of malware

When a contaminated repository is used, the attackers' code runs and harvests sensitive information such as credentials, passwords, and browser cookies. More precisely, the software involved is a variant of BlackCap-Grabber, designed to steal sensitive data and transfer it to command and control servers operated by the cybercriminals, which adds a further set of harmful actions.

Sophisticated evasion techniques

An examination by Trend Micro highlighted that the malware uses advanced methods to hide its presence within the repositories' source code. Notable is the use of exec smuggling, a trick in which a dynamic exec call is pushed far off-screen by padding the line with a very long run of whitespace, so that it escapes visual inspection during code review.
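The whitespace-padding trick described above can be caught mechanically rather than by eye. The following is an added example, not tooling from Apiiro, Trend Micro or the campaign itself: it tokenizes Python source and flags dynamic-execution calls (exec, eval, compile, __import__) that sit behind an unusually long run of whitespace on their physical line. The 40-character threshold and the sample module are assumptions constructed for this example.

```python
import io
import re
import tokenize

# Names whose calls execute code dynamically and therefore deserve a look
# when they appear hidden behind padding.
DYNAMIC_EXEC_NAMES = {"exec", "eval", "compile", "__import__"}

# Minimum run of spaces/tabs before the call to treat it as "smuggled".
# 40 is an assumed threshold, far beyond any normal PEP 8 alignment.
MIN_PADDING = 40

# Constructed sample: an innocent-looking module whose fourth statement
# hides an exec() call 300 spaces to the right of the visible code.
CONSTRUCTED_SAMPLE = (
    "import os\n"
    "\n"
    "def helper(x):\n"
    "    return x + 1\n"
    "\n"
    "print('setup ok')" + " " * 300 + "; exec('print(1)')\n"
    "result = eval('1 + 1')\n"  # ordinary, unpadded: should not be flagged
)


def find_smuggled_calls(source, min_padding=MIN_PADDING):
    """Return [(line_no, name, padding)] for dynamic-execution calls that
    are preceded on their physical line by a run of >= min_padding
    whitespace characters. Unparseable input yields an empty list."""
    findings = []
    try:
        tokens = list(tokenize.generate_tokens(io.StringIO(source).readline))
    except (tokenize.TokenError, SyntaxError):
        return findings
    for i, tok in enumerate(tokens):
        if tok.type != tokenize.NAME or tok.string not in DYNAMIC_EXEC_NAMES:
            continue
        # Only treat the name as a call when "(" immediately follows it.
        if i + 1 >= len(tokens) or tokens[i + 1].string != "(":
            continue
        row, col = tok.start
        prefix = tok.line[:col]
        # Longest whitespace run anywhere before the call on this line.
        padding = max((len(m.group()) for m in re.finditer(r"[ \t]+", prefix)), default=0)
        if padding >= min_padding:
            findings.append((row, tok.string, padding))
    return findings


if __name__ == "__main__":
    for line_no, name, padding in find_smuggled_calls(CONSTRUCTED_SAMPLE):
        print(f"line {line_no}: {name}() hidden behind {padding} whitespace chars")
```

Run it over every .py file in a freshly cloned repository before installing or executing anything from it; a hit is a strong signal that the fork is not what its name claims.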


03/03/2024 14:08

Editorial AI
