ACM

Communications of the ACM

Home/News/Thousands of GitHub Repositories Hacked to Include.../Full Text

ACM TechNews

Thousands of GitHub Repositories Hacked to Include Malware

By Bleeping Computer
August 16, 2022
Comments

View as: Print Mobile App Share:

GitHub said that malicious code was posted to cloned repositories, not the repositories themselves.

Software developer Stephen Lacy identified a malicious URL in the code of an open source project on GitHub that he found through a Google search.

BleepingComputer searched GitHub and found over 35,000 results displaying files that contain that URL, with more than 13,000 of those search results from a single repository called "redhat-operator-ecosystem." That repository has since been removed from GitHub.

Software developer James Tucker found that cloned repositories containing the malicious URL exfiltrated a user's environmental variables, which could put such things as API keys, tokens, Amazon AWS credentials, and crypto keys at risk. It also included a one-time backdoor that could enable remote attackers to execute arbitrary code on the systems of users who install and run the malicious clones. The malicious clones have since been removed from GitHub.

From Bleeping Computer
View Full Article

No entries found

Thousands of GitHub Repositories Hacked to Include Malware

FBI Shuts Down China's 'Volt Typhoon' Hackers Targeting U.S. Infrastructure

Internet of Things Security and Privacy Labels Should Empower Consumers

Unlocking the Potential of Zero-Knowledge Proofs in Blockchain