1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • GitHub malware spreads by hackers spoofing Microsoft files

    From TechnologyDaily@1337:1/100 to All on Mon Apr 22 11:15:04 2024
    GitHub malware spreads by hackers spoofing Microsoft files

    Date:
    Mon, 22 Apr 2024 11:00:00 +0000

    Description:
    Hackers have taken abusing the comments section to a whole new level.

    FULL STORY ======================================================================

    Hackers have found a way to upload malware to GitHub, and even have it look
    as if it was hosted and distributed by other, legitimate operators.

    This is according to a new report from cybersecurity researchers McAfee, who recently saw the LUA malware loader being distributed through what seems to
    be Microsofts GitHub repository.

    However the malware uploaded to GitHub has some curious features that make it very difficult to spot Disabling comments

    Here is an example of what a link to the malware looks like:

    https://github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip

    Even though it would seem, from the link, that the .zip file was uploaded to the vcpkg library, opening it directly and looking for the archive will yield no results.

    Apparently, when a user wants to leave a comment on a commit or an issue,
    they can also add a file to that comment. That file will automatically be uploaded, and a link will be generated which looks like the one above. The best thing about it is that the user can post, and quickly delete the
    comment, and the file will remain uploaded and available. Whats more, they dont even have to post the comment, as drafting it will yield the same
    result.

    Right now there isn't any indication if this is a bug, or an intended feature on GitHubs side, but according to BleepingComputer , there is very little victim companies can do to protect themselves from being impersonated this way.

    The only solution is to disable comments altogether, but that brings more problems than it solves. Legitimate users will often take to the comments section to report bugs, or give quality suggestions for the project. Whats more, comments can only be disabled for a maximum of six months at a time. More from TechRadar Pro GitHub under attack millions of malicious cloud repositories bombard website Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/github-malware-spreads-by-hackers-spoof ing-microsoft-files


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)