
Silent infiltration: the malicious code epidemic on GitHub

Impact of malicious code in repositories: security risks in software development

Cybercriminals have cloned over 100,000 GitHub repositories, inserting malware that steals sensitive data. They use deceptive forks and sophisticated techniques to hide malicious code.


Recent investigations by the cybersecurity firm Apiiro revealed an extensive compromise of repositories on GitHub. The software development hosting platform was targeted by cybercriminals who cloned and modified over 100,000 repositories, injecting malicious code into the copies. The campaign, initially detected on PyPI, quickly spread to GitHub by exploiting large-scale forking of repositories already in circulation, which multiplied the extent of the damage.

Deception strategies and malicious forks

The authors of this malware campaign disguise their creations as legitimate copies of authentic GitHub repositories, reusing the same names. The malware is injected into the original code, and the poisoned copy is then forked over and over, so that each fork extends the infection chain. With compromised repositories in wide circulation, large numbers of package developers and users have unknowingly downloaded and executed malicious payloads under the guise of genuine software. The practical lesson is that a familiar repository name or a high fork count is not a trust signal: the owning account, the commit history and the provenance of any released package need to be checked before code is run.

Harmful effects of malware

Once code from a contaminated repository is executed, the malicious payload collects sensitive information such as login credentials, passwords and browser cookies. More precisely, the implanted software is a variant of BlackCap-Grabber, designed to harvest this data and transfer it to command and control servers operated by the cybercriminals, and to carry out a further set of harmful actions on the victim's machine.

Sophisticated evasion techniques

An examination carried out by Trend Micro highlighted that the malware uses advanced methods to hide its presence within the source code of the repositories. Noteworthy is the adoption of exec smuggling: the dynamic exec statement is placed on the same line as legitimate-looking code and preceded by a very long run of whitespace, so that it sits far to the right of the visible editor or diff window and escapes visual inspection during code review. Searching the source for exec and eval calls, rather than reading it, is enough to defeat the trick.
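As an added illustration of the whitespace padding trick, and not code from the article, from Apiiro or from the malware itself, the following Python scanner tokenises a source file and reports dynamic-execution calls that are either preceded by a long run of whitespace on the same line or start beyond a normal viewport width. The function name, the thresholds and the sample source are my own choices; the sample's "payload" is a harmless base64-encoded print statement.

```python
import io
import tokenize
from dataclasses import dataclass

# Names whose dynamic evaluation is worth surfacing during review.
DYNAMIC_EXEC_NAMES = {"exec", "eval", "compile", "__import__"}


@dataclass
class Finding:
    line: int      # 1-based line number
    col: int       # 0-based column where the suspicious name starts
    name: str      # which dynamic-execution name was found
    gap: int       # run of whitespace immediately before it on the same line
    snippet: str   # the start of the call, for the reviewer


def find_smuggled_exec(source: str, min_gap: int = 40, max_col: int = 120) -> list[Finding]:
    """Flag dynamic-execution calls hidden by whitespace padding.

    A call is reported when the whitespace run before it on the same line is at
    least ``min_gap`` characters, or when it begins at or beyond column
    ``max_col`` (past the visible width of a typical editor or diff view).
    One finding is emitted per line. Thresholds are assumptions, not a standard.
    """
    findings: list[Finding] = []
    lines = source.splitlines()
    prev_end = (0, 0)  # (row, col) where the previous token ended
    try:
        for tok in tokenize.generate_tokens(io.StringIO(source).readline):
            if tok.type == tokenize.NAME and tok.string in DYNAMIC_EXEC_NAMES:
                row, col = tok.start
                # Whitespace between the previous token and this one, same line only.
                gap = col - prev_end[1] if prev_end[0] == row else 0
                already_reported = bool(findings) and findings[-1].line == row
                if (gap >= min_gap or col >= max_col) and not already_reported:
                    text = lines[row - 1]
                    findings.append(Finding(row, col, tok.string, gap, text[col:col + 60]))
            prev_end = tok.end
    except tokenize.TokenError:
        # Unterminated construct at EOF: keep what was found so far.
        pass
    return findings


# Constructed sample modelled on the padding trick described above: a plausible
# first statement, a semicolon, 400 spaces, then the dynamic exec far to the
# right. The decoded payload is just print('hi').
SAMPLE = (
    "import os\n"
    "import requests;" + " " * 400
    + "exec(__import__('base64').b64decode('cHJpbnQoJ2hpJyk='))\n"
    "\n"
    "def main():\n"
    "    print('hello')\n"
)


if __name__ == "__main__":
    for f in find_smuggled_exec(SAMPLE):
        print(f"line {f.line} col {f.col}: {f.name} after {f.gap} spaces -> {f.snippet}")
```

An ordinary `exec` at the start of a line is deliberately not reported, since the point of this check is the padding, not the use of `exec` as such; a stricter policy can simply list every hit of the names above. Tokenising, rather than matching the raw text, means string literals that merely contain the word exec do not trigger a finding.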


03/03/2024 14:08

Marco Verro
