October 3, 2023

A threat actor with a name “Pl0xP” cloned a large number of GitHub repositories and changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects.

The widespread cloning a type of dependency confusion resulted in more than 35,000 insertions of a malicious URL into different code repositories, although the exact number of affected software projects is likely smaller.

Advertisements

If imported, the malicious code executes code on the system,This attack will send the comllete Environment variables of the script, application, laptop to the attacker’s server.

This forking in GitHub may not have been a real attack. A person claiming to have knowledge of the issue positioned the widespread typosquatting as a legitimate research effort.

GitHub seemingly cleaned up the malicious code commits,a search for the embedded bad URL turned up zero results.

Advertisements

In order to protect the projects, maintainers and developers should only trust those contributors that are known to them and have an extensive and verifiable commit history. They should also use the available tools such as digital signatures and MFA to secure their accounts.

Digital signatures for code commits are available in Github to verify the identity of the contributor, but project maintainers should enable vigilant mode, a feature of that displays details of the verification status of every commit and their contributor

Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: