Goto Top

Malware system found in several Github forks

Security researcher and developer Stephen Lacy has discovered a very large malware system on Github. The malware's code was found over 35K code results in various forks or clones. The malware collects all the environment variables of a script, application or the particular machine and sends them to a server of the attackers.

The malware was also found in several forks or clones of the projects: crypto, golang, python, js, bash, docker, k8s. In addition, in: npm scripts and Docker images, etc.

Access keys for server or cloud access are also included, which are probably already being actively used to execute code:

Here's his Twitter feed on the malware:

Update: The security team at Github has since started finding and removing the malware code on the platform. I have updated the post to reflect the latest malware findings.

Content-Key: 3534431832


Printed on: September 28, 2023 at 06:09 o'clock