GitHub Supply Chain Attack Cloned Thousands of Repositories to Target Developers

 

GitHub, a code hosting platform used by more than 83 million developers, has been targeted in a supply chain attack.

The attack was unearthed earlier this week by software developer Stephen Lacy. It involved a hacker cloning more than 35,000 GitHub repositories and adding malicious code to the clones while keeping the original source code intact. Nearly 40 percent (13,000) of the compromised repositories originated from a single organization, called “redhat-operator-ecosystem” on the site, a spoof of the Red Hat OpenShift ecosystem.

The cloned projects attempted to lure users into clicking on them by spoofing genuine user accounts, using names identical to the original projects and legitimate-sounding firm names.

The malicious code allowed the repositories to exfiltrate environment variables containing sensitive data such as Amazon AWS credentials, API keys, and crypto keys, and it included a one-line backdoor. The malware also allowed remote hackers to execute arbitrary code on systems that install or run the clones.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
