Attackers created more than 35 thousand clone repositories on GitHub and distributed malware

On August 3, developer Stephen Lacey said that he had allegedly "found what could turn out to be a large-scale attack on 35 thousand GitHub repositories." The projects in question included crypto, golang, python, js, bash, docker, and k8s. It subsequently turned out that the malicious code was embedded in clones of these projects, Bleeping Computer writes.

On August 3, developer Stephen Lacey said that he had found what could be a large-scale malware attack on GitHub, which affected more than 35 thousand repositories.

Through Google, the developer found an open source project in which he noticed the address hxxp://ovz1.j19544519.pr46m.vps.myjino[.]ru. More than 35 thousand files on GitHub contained the same URL. In other words, the figure referred to the number of suspicious files, not to the number of infected repositories.

GitHub concluded that the thousands of backdoored projects are copies (forks or clones) of real projects, which the attackers probably created to distribute malware.

The malicious code was added to most of the clone repositories in July of this year. However, some of them have contained it since 2015. These clones allow remote access to tokens, Amazon AWS accounts, cryptographic keys, and more.

GitHub noted that it has removed all clone repositories from the platform.

Developers are advised to use software only from the official project repositories and to keep an eye out for potential typos and for clones that may seem identical to the original but contain malware.
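One way to check a local checkout for the address reported above is to search every file for its hostname. The following is an added example, not code from the article or from GitHub; the function names are illustrative, and it assumes that matching on the hostname alone (in literal or defanged spelling) is enough to flag a file for review. The sample tree in `demo()` is constructed.

```python
import os
import re
import tempfile

# Indicator exactly as the article prints it (defanged); refanged only in memory.
DEFANGED_IOC = "hxxp://ovz1.j19544519.pr46m.vps.myjino[.]ru"


def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxp, [.]) back into its literal form."""
    return indicator.replace("hxxp", "http").replace("[.]", ".")


def host_pattern(indicator: str) -> re.Pattern:
    """Regex for the indicator's hostname, accepting '.' or '[.]' between labels."""
    host = refang(indicator).split("://", 1)[-1].split("/", 1)[0]
    labels = [re.escape(label) for label in host.split(".")]
    return re.compile(r"(?:\[\.\]|\.)".join(labels).encode(), re.IGNORECASE)


def scan_tree(root: str, indicator: str = DEFANGED_IOC, max_bytes: int = 5_000_000):
    """Return sorted (relative_path, line_number) pairs where the hostname appears."""
    pattern = host_pattern(indicator)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git's object store
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or os.path.getsize(path) > max_bytes:
                continue
            with open(path, "rb") as handle:  # bytes: binaries cannot fail decoding
                for number, line in enumerate(handle, start=1):
                    if pattern.search(line):
                        hits.append((os.path.relpath(path, root), number))
    return sorted(hits)


def demo():
    """Constructed sample tree: one clean file, one file carrying the indicator."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "pkg"))
        with open(os.path.join(root, "README.md"), "w") as f:
            f.write("# sample project\nnothing to see\n")
        with open(os.path.join(root, "pkg", "setup.py"), "w") as f:
            f.write("import os\nU = '" + refang(DEFANGED_IOC).upper() + "/x'\n")
        return scan_tree(root)


if __name__ == "__main__":
    print(demo())
```

A hit only marks a file for manual review; a clean result does not show that a clone matches the official repository.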