GitHub Under Attack: Malicious Repositories Spread Malware


GitHub users have again been targeted, this time by a covert campaign distributing clipper malware.

The ploy hid malicious code in repositories crafted to surface in GitHub's search results when users look for popular terms.

The malicious repositories were fitted with an automated update mechanism that regularly changed trivial information in a log file. This boosted their visibility in search results while lowering the chances of the malware being noticed.

The embedded malware was padded with long runs of zero bytes, inflating it to more than 32MB. Because many anti-virus programs skip files above a size limit, the padding caused the file to go unscanned, making it more likely that the clipper malware reached the victim.
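The padding trick described above can be caught on the defender's side: a file whose bulk is null bytes is worth scanning regardless of its size. This is an added example, not code from the article or from Checkmarx; the size and zero-ratio thresholds are assumptions, and the sample file is constructed in memory.

```python
"""Flag files whose size comes mostly from null-byte padding (AV size-limit evasion)."""
import hashlib
import re

# Assumed thresholds (not from the article): treat files at or above 32MB that
# are overwhelmingly null bytes as suspicious candidates for a full scan.
LARGE_FILE_BYTES = 32 * 1024 * 1024
ZERO_RATIO_THRESHOLD = 0.90


def padding_stats(data: bytes) -> dict:
    """Return total size, share of null bytes, and the longest run of nulls."""
    if not data:
        return {"size": 0, "zero_ratio": 0.0, "longest_zero_run": 0}
    zeros = data.count(b"\x00")
    longest = max((len(m.group(0)) for m in re.finditer(rb"\x00+", data)), default=0)
    return {
        "size": len(data),
        "zero_ratio": zeros / len(data),
        "longest_zero_run": longest,
    }


def is_suspiciously_padded(stats: dict) -> bool:
    """True when a file is large enough to dodge size limits and mostly padding."""
    return stats["size"] >= LARGE_FILE_BYTES and stats["zero_ratio"] >= ZERO_RATIO_THRESHOLD


def stripped_sha256(data: bytes) -> str:
    """Hash the file with trailing null padding removed, so a padded copy and
    the bare payload produce the same value for indicator matching."""
    return hashlib.sha256(data.rstrip(b"\x00")).hexdigest()


# Constructed sample: a small fake payload followed by 33MB of zero padding.
FAKE_PAYLOAD = b"MZ" + b"\x90" * 1024 + b"constructed payload, not real malware"
PADDED_SAMPLE = FAKE_PAYLOAD + b"\x00" * (33 * 1024 * 1024)


def scan(data: bytes) -> dict:
    """Combine the checks into one verdict record for a file's bytes."""
    stats = padding_stats(data)
    stats["suspicious"] = is_suspiciously_padded(stats)
    stats["stripped_sha256"] = stripped_sha256(data)
    return stats


if __name__ == "__main__":
    print(scan(PADDED_SAMPLE))
```

Run the padded sample through `scan` and it is flagged, while its stripped hash matches the hash of the bare payload.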

Clippers monitor the clipboard, capturing whatever the user copies and pastes, and are frequently used in cryptocurrency theft. They work because crypto users tend to copy and paste a recipient's wallet address, which is too long to memorize.

The clipper malware then swaps the recipient's wallet address for one belonging to the scammers, so the victim unknowingly sends the currency to the wrong account.

Checkmarx security researcher Yehuda Gelb commented on the latest hit on the open-source software supply chain.

“Attackers create malicious repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users,” he said.

The attackers' goal is to manipulate GitHub's search rankings so that their repositories rise to the top when users sort results by most recent update. Alongside the regular updates, fake accounts add stars to the repositories, lending them a further false air of authenticity.

Gelb continued, “In contrast to past incidents where attackers were found to add hundreds or thousands of stars to their repos, it appears that in these cases, the attackers opted for a more modest number of stars, probably to avoid raising suspicion with an exaggerated number.”

Checkmarx documented the star-inflation technique last year, when its research found a thriving black market of online stores and chat groups selling GitHub stars to fraudulently inflate the popularity of repositories.