Is GitHub Under Attack by Malicious Repositories?

  • Thread starter jedishrfu
In summary, GitHub, a popular platform for hosting and collaborating on software projects, has been facing a recent influx of malicious repositories. These repositories contain code that can compromise users' security and privacy, leading to concerns about the overall safety of the platform. GitHub is taking steps to address this issue and has advised users to be cautious when downloading code from unknown sources. The situation is ongoing and users are advised to regularly check for any suspicious activity on their accounts.
  • #1
TL;DR Summary
GitHub has been inundated with a flood of forked repos with embedded malware. They have been able to stem the tide, but their tools are still missing thousands of manually uploaded repos with malware.
https://arstechnica.com/security/20...-of-malicious-repositories-in-ongoing-attack/

GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency from developer devices, researchers said.

The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An unknown party has automated a process that forks legitimate repositories, meaning the source code is copied so developers can use it in an independent project that builds on the original one. The result is millions of forks with names identical to the original one that add a payload that’s wrapped under seven layers of obfuscation. To make matters worse, some people, unaware of the malice of these imitators, are forking the forks, which adds to the flood.

...
 
  • #2
Good to know.

In general, I usually just fork to maintain a copy that I can examine for coding ideas and I've rarely ever cloned any to my desktop. In the past, I've found that most of the ones that I did try running have just enough odd dependencies that they aren't worth trying to run.

I don't tend to trust what I can't decipher. I've had to deal with hyper-obfuscated code on work projects and really don't trust that when I see it. :oldwink:
 
  • #3
The point is that folks are forking the repo and reposting it back to GitHub with embedded obfuscated malware. Developers might go for the forked version and so automatically install malware in their code.

This could apply to maven builds as well where libraries are corrupted with embedded malware. I know docker images have been built with embedded crypto mining capability.

https://blog.sonatype.com/malware-removed-from-maven-central

https://tuxcare.com/blog/unraveling-the-threat-of-new-docker-malware-campaign/

https://www.bleepingcomputer.com/ne...low-hackers-to-escape-docker-runc-containers/

I can see in the near future where AI models trained on this malware crap will be infected with malware and that may be the true purpose of this exercise in polluting the open source pool.
 
  • #4
Now it's Hugging Face's turn for the malware circus.
Hugging Face, the GitHub of AI, hosted code that backdoored user devices
Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s a likely harbinger of what’s to come.
 
  • #5
I tend to believe these issues (while not that frequent in the past) are now being caused (with a faster frequency) by the amount of data generation we can perform nowadays with large language models.

Sadly, and I hope not, this will become a premium model for GitHub where free users won't be able to perform repository creation.
 

FAQ: Is GitHub Under Attack by Malicious Repositories?

Is GitHub currently under attack by malicious repositories?

As of the latest information available, there have been instances where malicious repositories have been identified on GitHub. However, GitHub continuously monitors and takes action against such threats to maintain the security of its platform.

How can I identify a malicious repository on GitHub?

Identifying a malicious repository can be challenging, but some signs include suspicious commit messages, unexpected changes in code, and the presence of obfuscated or minified code. Always review the code and check the repository's history and contributors before using it.
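
One way to automate the "obfuscated code" check from the answer above before running anything from an unfamiliar fork, as an added example (not part of the original page and not GitHub's own tooling). The thresholds, function names and sample files are assumptions constructed for illustration; the scanner only reads text and never executes it.

```python
import base64
import math
import re
from collections import Counter

# Thresholds are assumptions for illustration; tune them per code base.
MAX_LINE_LEN = 500   # hand-written source lines are rarely this long
MIN_BLOB_LEN = 120   # only score long string literals
ENTROPY_BITS = 4.5   # base64-like data scores well above identifiers or prose

DYNAMIC_EXEC = re.compile(r"\b(exec|eval)\s*\(")
DECODERS = re.compile(r"b64decode|fromhex|unhexlify|decompress|marshal\.loads")
STRING_LIT = re.compile(r"""(['"])((?:(?!\1).)*)\1""")

def shannon_entropy(text):
    """Bits per character of text; 0.0 for an empty string."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def scan_source(path, source):
    """Return (path, line_no, reason) findings for one file's text."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if len(line) > MAX_LINE_LEN:
            findings.append((path, no, "very long line"))
        if DYNAMIC_EXEC.search(line) and DECODERS.search(line):
            findings.append((path, no, "dynamic exec of decoded data"))
        for match in STRING_LIT.finditer(line):
            blob = match.group(2)
            if len(blob) >= MIN_BLOB_LEN and shannon_entropy(blob) >= ENTROPY_BITS:
                findings.append((path, no, "high-entropy string literal"))
    return findings

def scan_tree(files):
    """files maps path -> text, read from a checkout without executing it."""
    return [hit for path in sorted(files) for hit in scan_source(path, files[path])]

# Constructed, inert sample: the blob is just bytes 0..199 in base64.
BLOB = base64.b64encode(bytes(range(200))).decode()
SAMPLE = {
    "setup.py": "from setuptools import setup\nsetup(name='demo')\n",
    "demo/__init__.py": "import base64\nexec(base64.b64decode('%s'))\n" % BLOB,
}

if __name__ == "__main__":
    for path, line_no, reason in scan_tree(SAMPLE):
        print(f"{path}:{line_no}: {reason}")
```

A finding is a prompt for manual review, not a verdict: legitimate projects ship minified assets and embedded data, and a clean scan does not prove a fork is safe.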

What actions does GitHub take against malicious repositories?

GitHub has a dedicated security team that investigates reports of malicious repositories. They may remove or restrict access to these repositories, notify affected users, and collaborate with security researchers and law enforcement if necessary.

How can I protect my own repositories from malicious activity?

To protect your repositories, use strong authentication methods like two-factor authentication (2FA), regularly review and update dependencies, monitor for unusual activity, and follow best security practices for code management and collaboration.

What should I do if I suspect a repository is malicious?

If you suspect a repository is malicious, report it to GitHub using their reporting tools. Provide as much detail as possible, including the nature of the suspicious activity and any relevant links or evidence. GitHub's security team will investigate the report.
