Dave Rahardja on Nostr: #GitHub is under attack. “The flow of the campaign is simple: 1. Cloning existing ...
#GitHub is under attack.
“The flow of the campaign is simple:
1. Cloning existing repos (for example: TwitterFollowBot, WhatsappBOT, discord-boost-tool, Twitch-Follow-Bot, and hundreds more)
2. Infecting them with malware loaders
3. Uploading them back to GitHub with identical names
4. Automatically forking each thousands of times
5. Covertly promoting them across the web via forums, Discord, etc.
”
“GitHub besieged by millions of malicious repositories in ongoing attack”
https://arstechnica.com/security/2024/02/github-besieged-by-millions-of-malicious-repositories-in-ongoing-attack/
“The flow of the campaign is simple:
1. Cloning existing repos (for example: TwitterFollowBot, WhatsappBOT, discord-boost-tool, Twitch-Follow-Bot, and hundreds more)
2. Infecting them with malware loaders
3. Uploading them back to GitHub with identical names
4. Automatically forking each thousands of times
5. Covertly promoting them across the web via forums, Discord, etc.
”
“GitHub besieged by millions of malicious repositories in ongoing attack”
https://arstechnica.com/security/2024/02/github-besieged-by-millions-of-malicious-repositories-in-ongoing-attack/