Sign In

Communications of the ACM

ACM TechNews

Thousands of GitHub Repositories Hacked to Include Malware

View as: Print Mobile App Share:
colored circles around GitHub logo

GitHub said that malicious code was posted to cloned repositories, not the repositories themselves.

Software developer Stephen Lacy identified a malicious URL in the code of an open source project on GitHub that he found through a Google search.

BleepingComputer searched GitHub and found over 35,000 results displaying files that contain that URL, with more than 13,000 of those search results from a single repository called "redhat-operator-ecosystem." That repository has since been removed from GitHub.

Software developer James Tucker found that cloned repositories containing the malicious URL exfiltrated a user's environmental variables, which could put such things as API keys, tokens, Amazon AWS credentials, and crypto keys at risk. It also included a one-time backdoor that could enable remote attackers to execute arbitrary code on the systems of users who install and run the malicious clones. The malicious clones have since been removed from GitHub.

From Bleeping Computer
View Full Article


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account