Apiiro, a cybersecurity company, has reported that GitHub is currently under attack through the creation of fake repositories embedded with malware. There are over 100,000 of these fake repositories.
The attack method involves cloning real repositories, embedding malware files, and then uploading them back to GitHub under the same repository name (but in different project accounts). These fake repositories are then promoted on forums and social media platforms in an attempt to confuse software developers (a "repo confusion" attack) into downloading and running the malware code.
Apiiro has stated that GitHub’s automated detection system can delete many of these fake repositories, but some are still slipping through the cracks. This wave of fake repository creation began towards the end of 2023 and is still ongoing. Currently, there is no information on which hacker group is behind this attack.
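A defender-side check for the same-name, different-account pattern described above, as an added example that is not from Apiiro or the original article: it parses a Git remote URL and compares the account that owns the repository against a pinned allowlist. The allowlist entries, account names and sample URLs are constructed placeholders.

```python
import re

# Constructed allowlist: repository name -> the owner account you have verified.
CANONICAL_OWNERS = {"widget": "example-org", "gizmo": "example-labs"}

# Accepts https://, ssh://, git:// and scp-style (git@github.com:owner/repo) remotes.
# The host must be exactly github.com, so look-alike hosts are not treated as GitHub.
_REMOTE = re.compile(
    r"^(?:(?:https?|ssh|git)://(?:[^@/]+@)?github\.com(?::\d+)?/"
    r"|(?:[^@/]+@)?github\.com:)"
    r"(?P<owner>[^/\s]+)/(?P<repo>[^/\s]+?)(?:\.git)?/?$",
    re.IGNORECASE,
)

def parse_github_remote(url):
    """Return (owner, repo) in lowercase, or None if url is not a GitHub remote."""
    m = _REMOTE.match(url.strip())
    if not m:
        return None
    # GitHub account and repository names are case-insensitive.
    return m.group("owner").lower(), m.group("repo").lower()

def check_remote(url, canonical=CANONICAL_OWNERS):
    """Classify a remote: ok, owner-mismatch, unknown-repo or not-github."""
    parsed = parse_github_remote(url)
    if parsed is None:
        return "not-github"
    owner, repo = parsed
    expected = canonical.get(repo)
    if expected is None:
        return "unknown-repo"  # name was never pinned; needs manual review
    return "ok" if owner == expected.lower() else "owner-mismatch"

def audit(urls, canonical=CANONICAL_OWNERS):
    """Return (url, verdict) for every remote that is not 'ok'."""
    return [(u, v) for u in urls if (v := check_remote(u, canonical)) != "ok"]

if __name__ == "__main__":
    sample = [  # constructed sample remotes
        "https://github.com/example-org/widget.git",
        "git@github.com:examp1e-org/widget.git",
        "https://github.com/someone-else/gizmo",
    ]
    for url, verdict in audit(sample):
        print(f"{verdict}: {url}")
```

Such a check only covers repository names that have been pinned in advance; anything reported as `unknown-repo` still needs the owner confirmed by hand before the code is run.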
Source: Apiiro via Ars Technica
TLDR: GitHub is facing a large-scale attack where fake repositories containing malware are being created and promoted to deceive developers. Despite efforts to delete these fake repositories, some are still managing to evade detection. The origin of the attack remains unknown.