GitHub faces widespread malware attacks affecting projects, including crypto

Major developer platform GitHub faced a widespread malware attack and reported 35,000 “code hits” on a day that saw thousands of Solana-based wallets drained for millions of dollars.

The widespread attack was highlighted by GitHub developer Stephen Lucy who first reported the incident earlier on Aug. 3. The developer came across the issue while reviewing a project he found on a Google search.

So far, various projects from crypto, Golang, Python, js, Bash, Docker and Kubernetes were found to be affected by the attack. The malware attack is targeted at the docker images, install docs and npm script, which is a convenient way to bundle common shell commands for a project.

To dupe developers and access critical data, the attacker first creates a fake repository (a repository contains all of the project’s files and each file’s revision history) and pushes clones of legit projects to GitHub. For example, the following two snapshots show this legit crypto miner project and its clone.

Original Crypto Mining Project Source: GithubCloned Crypto Mining Project Source: Github

Many of these clone repositories were pushed as “pull requests.” Pull requests let developers tell others about changes they have pushed to a branch in a repository on GitHub.

Related: Nomad reportedly ignored security vulnerability that led to $190M exploit

Once the developer falls prey to the malware attack, the entire environment variable (ENV) of the script, application, or laptop (electron apps), is sent to the attacker’s server. ENV includes security keys, AWS access keys, crypto keys and much more.

The developer has reported the issue to GitHub and advised developers to GPG sign their revisions made to the repository. GPG keys add an extra layer of security to your GitHub accounts and software projects by providing a way of verifying all revisions come from a trusted source

All Dutch and English crypto news!

Sam Bankman-Fried sentenced to 25 years in prison

Judge Lewis Kaplan found that the former FTX CEO also committed witness tampering and perjury based on his testimony at trial over user funds. Breaking news Own...

Bitcoin whales copy classic bull market moves as BTC price eyes $72K

Bitcoin sets a positive tone into the U.S. holiday weekend as a Coinbase-induced BTC price dip fails to keep bulls back for long. Market Update Own this...

Bitget Announces Listing of ABBLE (ABBL): The Latest Meme Token on Solana

Victoria, Seychelles, March 28th, 2024, Chainwire Bitget, a world leading cryptocurrency exchange and Web3 company, is pleased to announce the listing of ABBLE (ABBL), the newest...

De dominantie van Solana groeit, dit is waarom

De opvallende stijging van Solana (SOL) met meer dan 850% in het afgelopen jaar heeft de Altcoin-markt op zijn kop gezet, waarbij de prestaties van...

Beste exchanges

Koop je crypto bij Bitvavo