Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

    justmattgBy justmattgSeptember 28, 2023No Comments3 Mins Read

    [ad_1]

    Sep 28, 2023THNSupply Chain / Malware

    Password-Stealing Commits

    A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers.

    “The malicious code exfiltrates the GitHub project’s defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code effecting any end-user submitting its password in a web form,” Checkmarx said in a technical report.

    The malware is also designed to capture GitHub secrets and variables to a remote server by means of a GitHub Action.

    Cybersecurity

    The software supply chain security firm said it observed the atypical commits to hundreds of public and private GitHub repositories between July 8 and 11, 2023.

    It has emerged that the victims had their GitHub personal access tokens stolen and used by the threat actors to make malicious code commits to users’ repositories by posing as Dependabot.

    Dependabot is designed to alert users of security vulnerabilities in a project’s dependencies by automatically generating pull requests to keep them up-to-date.

    Password-Stealing Commits

    “The attackers accessed the accounts using compromised PATs (Personal Access Token) — most likely exfiltrated silently from the victim’s development environment,” the company said. Most compromised users are located in Indonesia.

    However, the exact method by which this theft may have taken place is currently unclear, although it’s suspected that it may have involved a rogue package inadvertently installed by the developers.

    The development highlights the continued attempts on part of threat actors to poison open-source ecosystems and facilitate supply chain compromises.

    This is evidenced by a new data exfiltration campaign targeting both npm and PyPI that uses as many as 39 counterfeit packages to gather sensitive machine information and transmit the details to a remote server.

    UPCOMING WEBINAR

    Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools

    Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.

    Supercharge Your Skills

    The modules, published over several days between September 12 and 24, 2023, demonstrate a progressive increase in complexity, scope, and obfuscation techniques, Phylum said.

    The Israeli company is also tracking what it characterized as a large typosquat campaign aimed at npm, in which 125 packages masquerading as angular and react are being used to send machine information to a remote Discord channel.

    However, the activity appears to be part of a “research project,” with the author claiming that it’s done to “find out if any of the bug bounty programs I’m participating in gets affected by one of the packages so that I could be the first one to notify them and protect their infrastructure.”

    “This is in violation of the npm Acceptable Use Policy, and these sorts of campaigns put a strain on individuals tasked with keeping these ecosystems clean,” Phylum cautioned.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleCAPTCHAs Easy for Humans, Hard for Bots
    Next Article Government Shutdown Poised to Stress Nation’s Cybersecurity Supply Chain
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑