• Tue. Nov 19th, 2024

GitHub is under automated attack by millions of cloned repositories filled with malicious code

Byadmin

Mar 1, 2024

GitHub has become a vital resource for programmers the world over, and an extensive knowledge base and repository for open-source coding projects, data storage and code management. However, the site is currently undergoing an automated attack involving the cloning and creation of huge numbers of malicious code repositories, and while the developers have been working to remove the affected repos, a significant amount are said to survive, with more uploaded on a regular basis.

An unknown attacker has managed to create and deploy an automated process that forks and clones existing repositories, adding its own malicious code which is concealed under seven layers of obfuscation (via Ars Technica). These rogue repositories are difficult to tell from their legitimate counterparts, and some users unaware of the malicious nature of the code are forking the affected repos themselves, unintentionally adding to the scale of the attack.

Source link