GitHub struggles to keep up with automated malicious forks


Cloned then compromised, bad repos are forked faster than they can be removed

According to security firm Apiiro, the campaign to poison code involves cloning legitimate repos, infecting them with malware loaders, uploading the altered files to GitHub under the same name, then forking the poisoned repo thousands of times and promoting the compromised code in forums and on social media channels. The altered files also pad the line containing the malicious `exec` call with hundreds of whitespace characters, pushing it beyond the visible edge of the editor so it escapes manual review.
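The whitespace-padding trick described above is simple to catch mechanically once you know to look for it. The following is an added example (not code from Apiiro, GitHub or the article) of a small scanner that flags any source line where an `exec` or `eval` call is preceded by a long run of spaces or tabs. The threshold `MIN_PAD_RUN`, the sample file contents and the `payload` name are constructed for this illustration.

```python
import re
from typing import List, Tuple

# Heuristic threshold (assumption for this example): a run of at least this many
# spaces/tabs before exec/eval is treated as deliberate padding. Normal code
# indentation never comes close to this.
MIN_PAD_RUN = 100

# A run of MIN_PAD_RUN+ horizontal whitespace immediately followed by exec( or eval(
_PADDED_CALL = re.compile(r"[ \t]{%d,}(exec|eval)\s*\(" % MIN_PAD_RUN)


def find_padded_exec(source: str) -> List[Tuple[int, int, str]]:
    """Return (line_number, column, call_name) for every exec/eval call that has
    been pushed to the right by a long run of whitespace.

    Column is 0-based and points at the start of the call name, so a reviewer
    can jump straight to it in an editor."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in _PADDED_CALL.finditer(line):
            findings.append((lineno, match.start(1), match.group(1)))
    return findings


# Constructed sample: a plausible-looking module with one padded exec line.
# Line 4 carries a harmless-looking statement, then 300 spaces, then the call
# (the payload name is a placeholder, no real loader is involved).
SAMPLE = (
    "import requests\n"
    "def fetch(url):\n"
    "    return requests.get(url).text\n"
    "import os;" + " " * 300 + "exec(payload)\n"
    "banner = '" + " " * 150 + "'\n"   # long whitespace run with no exec: must not fire
    "print(fetch('https://example.invalid'))\n"
)

# Clean file for comparison: ordinary indentation, no padded calls.
CLEAN = (
    "def main():\n"
    "    data = {'a': 1}\n"
    "    return eval('1 + 1')\n"   # eval at normal indentation: not flagged
)


if __name__ == "__main__":
    for lineno, col, name in find_padded_exec(SAMPLE):
        print(f"line {lineno}: {name}() hidden at column {col}")
```

Run over a checkout with `find_padded_exec(open(path).read())` per `.py` file; the scanner is deliberately a narrow heuristic for this one evasion, so treat a hit as a prompt for manual review of the whole repository rather than as a verdict.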

"Because the whole attack chain seems to be mostly automated on a large scale, the one percent that survive still amount to thousands of malicious repos," the authors wrote, adding that if you count removed repos in the total, the campaign probably involved millions of malicious clones and forks. They also point out that the scale of the attack is large enough to benefit from network effects, specifically developers who fork malicious repos without intending to use the software and don't realize they're validating and propagating malware.

GitHub, the researchers say, presents an effective way to compromise the software supply chain due to its support for the automatic generation of accounts and repos, its friendly APIs and soft rate limits, and its size.
