GitHub, a cornerstone for programmers worldwide, faces a severe threat as an unknown attacker deploys an automated assault, cloning and creating malicious code repositories. The attack, involving sophisticated obfuscation and social engineering, poses a significant challenge to GitHub’s security infrastructure.
An assailant employs an automated process to fork and clone existing repositories, concealing malicious code under seven layers of obfuscation. These rogue repositories closely mimic legitimate ones, contributing to the challenge of detection. Developers unknowingly forking affected repos unintentionally amplify the attack.
Once a developer utilizes a compromised repository, a hidden payload begins unpacking layers of obfuscation, revealing malicious Python code and a binary executable. The code then initiates the collection of confidential data and login details, which are subsequently uploaded to a control server.
Security provider Apiiro’s research and data teams report a substantial surge in the attack since its inception in May of the previous year.
While GitHub diligently removes affected repositories, its automation detection system struggles to catch all instances. With millions of uploaded or forked repositories, even a 1% miss-rate translates to potentially thousands of compromised repos still operational.
Initially modest in scale, the attack has grown in size and sophistication, presenting challenges
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: