LinuxQuestions.org


Jan K. 03-01-2024 07:47 AM

Malware campaign on GitHub...
 
Quote:

A malware distribution campaign that began last May with a handful of malicious software packages uploaded to the Python Package Index (PyPI) has spread to GitHub and expanded to reach at least 100,000 compromised repositories.

According to security firm Apiiro, the campaign to poison code involves cloning legitimate repos, infecting them with malware loaders, uploading the altered files to GitHub under the same name, then forking the poisoned repo thousands of times and promoting the compromised code in forums and on social media channels.
Saw that today over at el Reg... https://www.theregister.com/2024/03/...fork_campaign/

Should be a piece of cake for the Ms AI one would perhaps think?

Otoh, saw a couple of years ago that Ms would use AI to help with Ms updates and anyone following how that circus has turned out, then perhaps not.

Secure supply chain is of utmost importance these days...

Jan K. 03-04-2024 10:46 AM

Speaking of secure supply chains... https://popey.com/blog/2024/02/exodu...-490k-swindle/

Jan K. 03-25-2024 06:50 PM

Quote:

Over 170K users caught up in poisoned Python package ruse
Interesting links and background... https://www.theregister.com/2024/03/...ckage_malware/

Jan K. 03-28-2024 03:56 PM

From the daily news...

How to use hallucinating AI to inject poisoned software into the supply chain... https://www.theregister.com/2024/03/...ware_packages/

Walled gardens under attack are nothing new; here's the Snap store: "After multiple waves of cryptocurrency credential-stealing apps were uploaded to the Snap store, Canonical is changing its policies." https://www.theregister.com/2024/03/...p_store_scams/



Totally unrelated, but a fun AI event :D https://futurism.com/the-byte/ai-pow...less-screaming

rokytnji 03-28-2024 06:04 PM

It's everywhere. Glad I run a Window Manager

https://news.itsfoss.com/kde-plasma-...-theme-fiasco/

Jan K. 03-30-2024 04:56 PM

"...XZ security vulnerability due to malicious code making it into the codebase."

https://www.phoronix.com/news/XZ-CVE-2024-3094

"The resulting malicious build interferes with authentication in sshd via systemd."


Updated:
....


"Access to this repository has been disabled by GitHub Staff due to a violation of GitHub's terms of service. If you are the owner of the repository, you may reach out to GitHub Support for more information."

The ToS violation presumably due to the compromised upstream commit access.



https://www.phoronix.com/news/GitHub-Disables-XZ-Repo

Jan K. 03-30-2024 05:25 PM

Just came across this interesting post on the inner workings of the attacking code...

https://lwn.net/ml/oss-security/2024...3.anarazel.de/

Jan K. 03-30-2024 06:16 PM

Found by chance...

"Someone put a lot of effort for this to be pretty innocent looking and decently hidden. From binary test files used to store payload, to file carving, substitution ciphers, and an RC4 variant implemented in AWK all done with just standard command line tools. And all this in 3 stages of execution, and with an "extension" system to future-proof things and not have to change the binary test files again. I can't help but wonder (as I'm sure is the rest of our security community) - if this was found by accident, how many things still remain undiscovered."

https://lwn.net/ml/oss-security/2024...@openwall.com/

Everyone _really_ should read the entire thread. :hattip:

