• GitHub under attack millions of malicious cloud repositories bom

    From TechnologyDaily@1337:1/100 to All on Thu Feb 29 14:45:05 2024
    GitHub under attack millions of malicious cloud repositories bombard website

    Date:
    Thu, 29 Feb 2024 14:35:33 +0000

    Description:
    Hackers are cloning malicious repositories in the millions, putting countless projects at risk of data theft.

    FULL STORY ======================================================================

    Hackers have found a way to automate duplicating malicious GitHub packages, bombarding the open source cloud repository with millions of repos capable of stealing sensitive information and information cookies.

    Cybersecurity researchers from Apiiro, Matan Giladi and Gil David, explained how, since the middle of 2023, hackers have engaged in a typosquatting attack against software developers on an enormous scale. First, they would clone an existing repository, possibly one that's popular among developers (such as WhatsappBOT, discord-boost-too, and similar), and infect it with a malware loader.

    The loader, hidden behind seven layers of obfuscation, drops a modified version of the open source BlackCap-Grabber. This infostealer grabs authentication cookies and login credentials from a wide array of apps, and sends them to a server under the attackers' control. BlackCap-Grabber also performs a long series of additional malicious activities, the researchers added.

    Hundreds of thousands of repos

    Once the loader is set up and in place, the attackers will upload it back to GitHub with an identical name, in an attempt to get unsuspecting developers to download the wrong one. Then, they would automatically fork the repository thousands of times, resulting in hundreds of thousands of malicious repositories sitting on the platform. The attack impacted more than 100,000 GitHub repositories, the researchers said, speculating that the actual number is in the millions.

    Finally, the attackers would promote the malicious packages on the web, in different forums, Discord channels, and similar, to get as many people as possible to download them.

    To make matters even worse, some developers started forking the malicious forks themselves, unknowingly further propagating the campaign.

    GitHub has a way to tackle the problem, it was said. Using artificial intelligence, it manages to stop the vast majority of cloned packages before they ever reach the platform. However, 1% survive, amounting to thousands of malicious repos, it was said.

    Via Ars Technica



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/github-under-attack-millions-of-malicious-cloud-repositories-bombard-website


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)