GitHub faces Malware attack, and different projects suffer along with Crypto

Popular developer platform GitHub encountered a malware attack and informed 35,000 “code hits” on a day that also witnessed thousands of Solana-based wallets drained for millions of dollars.

The widespread attack was revealed by GitHub developer Stephen Lucy. Stephen who first reported the incident on Wednesday came across the issue while studying a project he found on a Google search.

Till now, numerous projects from crypto, Python, Golang, JavaScript, Bash, Docker, and Kubernetes have been affected by the attack. The malware attack is targeted at the docker images, install docs, and NPM script, which is a suitable way to bundle common shell commands for a project.

To deceive developers and access critical data, the attacker first makes a fake repository. This repository retains all of the project’s files and each file’s revision history. Afterward, the attacker pushes clones of legit projects to GitHub. For instance, the following two images illustrate this legit crypto miner project and its clone.

crypto-mining-project-github
Original Crypto Mining Project
clone-crypto-mining-project-github
Original Crypto Mining Project

The majority of these clone repositories were pushed as “pull requests,” which allow developers to tell others about modifications they have pushed to a branch in a repository on GitHub.

You may find this useful, US senator summons Apple and Google over fake Crypto Apps on their stores

Once the developer falls target to the malware attack, the entire environment variable (ENV) of the script, application, or laptop (Electron apps) is mailed to the attacker’s server. The ENV comprises security keys, Amazon Web Services access keys, crypto keys, and other critical information.

The developer has notified the issue to the GitHub platform. In addition, he also advised other developers to GPG-sign their revisions made to the repository. GPG keys add an additional layer of security to GitHub accounts and software projects by delivering a way of verifying all revisions come from an authorized source. Following up on the report of the attack from Stephen, GitHub responded and cleaned most of the code hits.


Hungry for more information?

NFT Calendar from NFTHi

Check out the Latest NFT News!

For more interesting updates on NFTs, connect with NFTHI on Twitter and Instagram.

Join us on Telegram!


NFTHI does not recommend any kind of Investment in NFTs or NFT trading. All the strategies are merely educational references.

Conduct thorough research before you start with NFTs

Share This Post

Related Posts

USAF Files Metaverse Trademark for Spaceverse

As per media reports, The US Air Force i.e....

Meta to support NFT Integration in 100 Countries

On Thursday, the Mark Zuckerberg-led company Meta initiated its...

FC Porto enters Metaverse, Becomes the first EU Football team to Join Upland

Upland informed today of a strategic alliance with FC...

Metaverse Boxing Game Starring Muhammad Ali to Be Released by ASM

Muhammad Ali NFT Game The first metaverse boxing game is...

Kim Kardashian charged by SEC for Crypto Promotion

Kim Kardashian has made it to the headlines and...

The Cryptocurrency Market is a Complete Mess

Cryptocurrency markets have dropped down in the last 24...
spot_img