frank

Malware system found in several GitHub forks

Security researcher and developer Stephen Lacy has discovered a very large malware system on GitHub. The malware's code was found in over 35K code results across various forks or clones. The malware collects all the environment variables of a script, application or the particular machine and sends them to a server controlled by the attackers.

The malware was also found in several forks or clones of the following projects: crypto, golang, python, js, bash, docker, k8s. It was also found in npm scripts, Docker images, etc.

The collected data also includes access keys for servers or cloud services, which are probably already being actively used to execute code: https://twitter.com/stephenlacy/status/1554712801897091072

Here's his Twitter feed on the malware: https://twitter.com/stephenlacy/status/1554697077430505473

Update: The security team at GitHub has since started finding and removing the malware code on the platform. I have updated the post to reflect the latest malware findings.


Url: https://administrator.de/contentid/3534431832

Printed on: December 3, 2022 at 23:12 o'clock