Posts: 14,228
Threads: 9,428
Thanks Received: 8,996 in 7,147 posts
Thanks Given: 9,747
Joined: 12 September 18
25 February 25, 09:25
Quote:We discovered over 200 repositories with fake projects on GitHub. Using them, attackers distribute stealers, clippers, and backdoors.
Can you imagine a world where, every time you wanted to go somewhere, you had to reinvent the wheel and build a bicycle from scratch? We can’t either. Why reinvent something that already exists and works perfectly well? The same logic applies to programming: developers face routine tasks every day, and instead of inventing their own wheels and bicycles (which might even be not up to par), they simply grab ready-made bicycles code from open-source GitHub repositories.
This solution is available to anyone — including criminals who use the world’s best free open-source code as bait for attacks. There’s plenty of evidence to back this up, and here’s the latest: our experts have uncovered an active malicious campaign, GitVenom, targeting GitHub users.
What is GitVenom
?GitVenom is what we named this malicious campaign, in which unknown actors created over 200 repositories containing fake projects with malicious code: Telegram bots, tools for hacking the game Valorant, Instagram automation utilities, and Bitcoin wallet managers. At first glance, all the repositories look legitimate. Especially impressive is the well-designed README.MD file — a guide on how to work with the code — with detailed instructions in multiple languages. In addition to that, attackers added multiple tags to their repositories.
Attackers used AI to write detailed instructions in multiple languages
Another indicator reinforcing the apparent legitimacy of these repositories is the large number of commits. The attackers’ repositories have tons of them — tens of thousands. The attackers weren’t, of course, manually updating each of the 200 repositories to maintain authenticity, but simply used timestamp files that updated every few minutes. The combination of detailed documentation and numerous commits creates the illusion that the code is genuine and safe to use.
Continue Reading...