Cryptocurrencies . 5 Aug 2022

GitHub Malware Clones Thousands of Repos, Alarming Crypto Developers

by Prerna Mishra

A GitHub malware campaign has cloned nearly 35,000 GitHub repositories, according to a security researcher.

The malware doesn’t clone just cryptocurrency-related code repositories.

According to a report published by Bleeping Computer, the repositories weren't hacked, but rather cloned and altered to include the malware.

The primary purpose of this code injection is to gain access to the devices of unsuspecting developers when they clone (download the code to their local devices) these infected repositories.

The cloned projects spanned a wide range of technologies, including Go, Python, JavaScript, Bash, Docker, and Kubernetes. The original repositories were not compromised.

GitHub immediately took action by removing such cloned repositories and quarantining them.

The report found more than 13,000 search results originating from 'redhat-operator-ecosystem'. The malicious URL contained both an environment variable extractor and a one-line backdoor, according to Bleeping Computer.

AWS credentials, API keys, tokens, and crypto keys can be stored in these environment variables. All users who install and run copies of the malware are also susceptible to remote attackers executing arbitrary code on their systems to steal funds.
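To see what an environment dump of the kind described above would expose from a developer shell, the following added example (not code from the report or from GitHub) lists the variables that look like secrets, reporting names only. The name and value patterns and the sample environment are assumptions constructed for illustration.

```python
import os
import re

# Variable names that commonly hold the secret types named in the article
# (AWS credentials, API keys, tokens, crypto keys). The list is an assumption.
SECRET_NAME = re.compile(
    r"(AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN)"
    r"|API[_-]?KEY|TOKEN|SECRET|PASSWORD|PASSWD|PRIVATE[_-]?KEY|MNEMONIC|SEED)",
    re.IGNORECASE,
)
# Value shapes that identify a secret even under an innocuous variable name.
SECRET_VALUE = [
    ("aws-access-key-id", re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("pem-private-key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]

def audit_environment(env):
    """Return sorted (name, reason) pairs for variables an environment dump
    would leak. Values are never returned, so the output is safe to log."""
    findings = []
    for name, value in env.items():
        if not value:
            continue  # an empty variable exposes nothing
        reason = next(
            (label for label, rx in SECRET_VALUE if rx.search(value)), None
        )
        if reason is None and SECRET_NAME.search(name):
            reason = "secret-like name"
        if reason:
            findings.append((name, reason))
    return sorted(findings)

# Constructed sample environment (documentation-style example values only).
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HOME": "/home/dev",
    "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "NPM_TOKEN": "",
    "DEPLOY_CFG": "ghp_" + "a" * 36,
    "WALLET_MNEMONIC": "constructed sample words only",
}

if __name__ == "__main__":
    for var, why in audit_environment(dict(os.environ)):
        print(f"{var}: {why} (rotate if untrusted code ran in this shell)")
```

Run it in the shell where an unverified clone was built or executed; every variable it lists should be treated as disclosed and rotated.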

According to Miles Deutscher, crypto has had a terrible week in terms of security. 

Last week nearly $8 million was stolen from approximately 8,000 Solana wallets following the disastrous Nomad bridge exploit worth $200 million.

Despite the setbacks, markets are on an uptrend with the total market capitalization at $1.12 trillion, up 1.7% on the day.