Automated attack of cloned repositories compromises GitHub

March 4, 2024

GitHub faces an automated attack from millions of cloned repositories containing malicious code. According to reports, the attack combines advanced technical tactics with social manipulation, posing a formidable threat to the platform's infrastructure and user base.

Renowned as a global foundation for programmers, GitHub is a massive repository for open-source projects, data storage, and code management. Nevertheless, threat actors have orchestrated an automated assault that replicates legitimate repositories with malicious copies. Despite efforts to stop the onslaught, a significant portion of the copies persists, and new ones keep appearing.

GitHub has an unidentified nemesis that initiated the propagation of malicious repositories.

Speculation has arisen regarding the identity of the GitHub attacker who duplicated existing repositories. The attack has successfully embedded malicious code in the copies and concealed it behind seven layers of obfuscation.

Investigations revealed that these counterfeit repositories closely resemble the authentic ones, deceiving unsuspecting users into unintentionally contributing to the attack by forking the affected repositories.

Once the cloned code is run, a hidden payload decrypts the obfuscated layers and deploys malicious Python code together with a binary executable. This code can steal sensitive data and login credentials and transmit them to an attacker-controlled server.
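The defensive counterpart to the layered obfuscation described above is a static unwrapper: a reviewer can peel nested `exec(... decompress(b64decode(...)))` layers without ever running the code, count how deep the nesting goes, and look at the innermost plaintext for credential- or network-related calls. The scanner below is an added example written for this article; it is not code from the reported campaign or from GitHub. The seven-layer sample it scans is constructed here (a wrapped `print` statement), and the decoder names and indicator strings it knows are assumptions chosen for the example.

```python
"""Statically unwrap nested exec/base64/zlib obfuscation layers.

Added example: nothing decoded here is ever executed. The scanner peels
layers of the form exec(zlib.decompress(base64.b64decode(b'...'))) and
reports the depth plus any suspicious calls found in the innermost source.
"""
import base64
import re
import zlib

# Decoder chains this example understands (assumed set; extend as needed).
DECODERS = {
    "base64.b64decode": base64.b64decode,
    "zlib.decompress": zlib.decompress,
    "bytes.fromhex": bytes.fromhex,
}

# One obfuscation layer: exec( <decoder>( <decoder>( b'<blob>' ) ) )
LAYER_RE = re.compile(
    r"exec\(\s*"
    r"(?P<chain>(?:(?:zlib\.decompress|base64\.b64decode|bytes\.fromhex)\(\s*)+)"
    r"b?['\"](?P<blob>[A-Za-z0-9+/=]+)['\"]"
    r"\s*\)+"
)

# Strings a reviewer would flag in decoded code (assumed indicator list).
SUSPICIOUS = ("os.environ", "requests.post", "urllib.request",
              "subprocess", "socket.", "keyring")


def unwrap(source: str, max_layers: int = 16):
    """Return (layers_peeled, innermost_source).

    The loop is bounded by max_layers so a hostile sample cannot force
    unbounded decompression work on the analyst's machine.
    """
    layers, current = 0, source
    while layers < max_layers:
        match = LAYER_RE.search(current)
        if not match:
            break
        # Decoder names as written, outermost first; apply innermost first.
        chain = re.findall(r"[a-z0-9]+\.[a-z0-9]+", match.group("chain"))
        data = match.group("blob").encode()
        try:
            for name in reversed(chain):
                data = DECODERS[name](data)
        except (ValueError, zlib.error):
            break  # blob does not decode cleanly; stop and report what we have
        current = data.decode("utf-8", errors="replace")
        layers += 1
    return layers, current


def report(source: str) -> dict:
    """Summarise a file: nesting depth, indicator hits, and a verdict."""
    layers, plain = unwrap(source)
    hits = sorted(s for s in SUSPICIOUS if s in plain)
    return {"layers": layers, "indicators": hits,
            "suspicious": layers >= 2 or bool(hits)}


def wrap(source: str, layers: int) -> str:
    """Build a constructed, benign test fixture by wrapping `source`."""
    for _ in range(layers):
        blob = base64.b64encode(zlib.compress(source.encode())).decode()
        source = f"exec(zlib.decompress(base64.b64decode(b'{blob}')))"
    return source


# Constructed sample: a harmless print statement behind seven layers.
SAMPLE = wrap('print("hello from the innermost layer")', 7)

if __name__ == "__main__":
    print(report(SAMPLE))
```

Run as a script it prints a verdict for the constructed sample; in practice `report` would be called on each `.py` file of a freshly cloned repository before anything in it is installed or imported. Depth alone is a strong signal: legitimate projects rarely need even one `exec` of a decoded blob, so the `layers >= 2` threshold is deliberately conservative.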

Separately, research and data teams have monitored a resurgence of this attack since its modest inception in May last year. Despite GitHub's prompt removal of compromised repositories, its automated detection system remains inadequate, allowing manually uploaded versions to reach the platform.

As of now, there are millions of affected repositories on GitHub; even a 1% oversight rate translates to potentially thousands of compromised repositories circulating on the platform.

Although the attack began on a small scale, it has since evolved into a widespread and sophisticated campaign. Factors contributing to its efficiency include the platform’s expansive user base and the increasing complexity of the attack technique.

However, the most intriguing part of the attack is its combination of sophisticated automation with the exploitation of human psychology. While the obfuscation techniques grow more sophisticated, the attackers rely heavily on social engineering to trick developers into propagating the malicious code unknowingly, which undermines detection.

While GitHub has yet to provide specific details on the attack, it has assured users of its commitment to improve its handling of policy violations. Nevertheless, the platform's popularity makes it an attractive target, underscoring the ongoing struggle to mitigate the threat entirely.
