GitHub faces widespread malware attacks affecting projects, including crypto

Major developer platform GitHub faced a widespread malware attack and reported 35,000 “code hits” on a day that saw thousands of Solana-based wallets drained for millions of dollars.

The widespread attack was highlighted by GitHub developer Stephen Lucy who first reported the incident earlier on Aug. 3. The developer came across the issue while reviewing a project he found on a Google search.

So far, various projects from crypto, Golang, Python, js, Bash, Docker and Kubernetes were found to be affected by the attack. The malware attack is targeted at the docker images, install docs and npm script, which is a convenient way to bundle common shell commands for a project.

To dupe developers and access critical data, the attacker first creates a fake repository (a repository contains all of the project’s files and each file’s revision history) and pushes clones of legit projects to GitHub. For example, the following two snapshots show this legit crypto miner project and its clone.

Original Crypto Mining Project Source: GithubCloned Crypto Mining Project Source: Github

Many of these clone repositories were pushed as “pull requests.” Pull requests let developers tell others about changes they have pushed to a branch in a repository on GitHub.

Related: Nomad reportedly ignored security vulnerability that led to $190M exploit

Once the developer falls prey to the malware attack, the entire environment variable (ENV) of the script, application, or laptop (electron apps), is sent to the attacker’s server. ENV includes security keys, AWS access keys, crypto keys and much more.

The developer has reported the issue to GitHub and advised developers to GPG sign their revisions made to the repository. GPG keys add an extra layer of security to your GitHub accounts and software projects by providing a way of verifying all revisions come from a trusted source

All Dutch and English crypto news!

Bitcoin top $70K or $210K? Analysts, price models clash over BTC cycle peak

Veteran trader Peter Brandt sparked debate after suggesting BTC may have already hit its peak this cycle, but even he didn’t put much stock in...

Australia’s top exchange may approve spot Bitcoin ETFs this year: Report

Australia’s spot Bitcoin ETFs could see $3 billion to $4 billion of inflows within the first three years, according to Monochrome CEO Jeff Yew. News Own this...

Weekend Wrap: Bitcoin Hilton opens next year, BlackRock ETF 3 days of nil and more

The 80-room Hampton by Hilton hotel in El Salvador — funded with Bitcoin layer-2 tokenized bonds — will be fully operational by mid-2025. Recap Own this piece...

Chainlink weet de echte waarde van Real World Assets (RWA)

Ryan Lovell, directeur kapitaalmarkten bij Chainlink Labs, stelt dat finance niet de beste toepassing is voor tokenisatie, maar dat data uit de echte wereld dat...

Beste exchanges

Koop je crypto bij Bitvavo