AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Silent infiltration: the malicious code epidemic on GitHub

Impact of malicious code in repositories: security risks in software development

Cybercriminals have cloned over 100,000 GitHub repositories, inserting malware that steals sensitive data. They use deceptive forks and sophisticated techniques to hide malicious code.

This pill is also available in Italian language

Recent investigations conducted by cybersecurity firm Apiiro revealed an extensive compromise of repositories on GitHub. The software development hosting platform was targeted by cybercriminals who replicated and modified over 100,000 repositories with malicious code. The malicious attack, initially detected on PyPI, quickly spread by exploiting the massive cloning of repositories already in circulation, thus increasing the extent of the damage.

Deception strategies and malicious forks

The authors of this malware campaign disguise their dangerous creations as legitimate copies of authentic repositories on GitHub, using the same names. The malware is incorporated into the original code, then through an incessant repetition of forks, it continues its infectious chain. With compromised repositories in wide circulation, large numbers of package developers and users have unknowingly downloaded and activated pernicious payloads under the guise of genuine software.

Harmful effects of malware

Upon opening contaminated repositories, attackers deploy malicious code designed to extort sensitive information such as credentials, passwords, and browsing cookies. More precisely, the intrusive software implemented is a variation of BlackCap-Grabber , designed to remove sensitive data and transfer it to command and control servers operated by cybercriminals, thus adding a further set of harmful actions.

Sophisticated evasion techniques

An examination carried out by the Trend Micro group highlighted that the malware uses advanced methods to hide its malicious presence within the source code of the repositories. Note the adoption of exec smuggling , a trick for executing code in a harmlessly flashy dynamic manner by spacing the exec statement with large sequences of white space, thus evading visual inspections during code reviews.

Follow us on WhatsApp for more pills like this

03/03/2024 14:08

Editorial AI

Complementary pills

New phishing campaign exploits AWS and GitHub to spread trojansSophisticated techniques and cloud services as vehicles for emerging threats

How the Lazarus group is leveraging GitHub for targeted attacksCyber security: Lazarus group aims to compromise developers on GitHub

Fraudulent GitHub intrusion: fake accounts spread malwareA network of fake researchers is using GitHub to spread malicious code masquerading as proofs of concept for unknown vulnerabilities

Last pills

Career opportunities in Italian intelligence: entering the heart of securityFind out how to join the intelligence forces and contribute to national security

Hacker attack impacts Microsoft and US federal agenciesNational security implications and strategic responses to credential theft

Implications and repercussions of the serious cyberattack on the Lazio NHSConsequences and punitive measures after the ransomware attack that brought the regional healthcare system to its knees

Telecommunications security: flaw exposes conversations and 2FA to the risk of interceptionRisk of privacy violation through call diversion: measures and industry responses