GitHub is currently facing a severe security threat as an ongoing attack floods the platform with millions of malicious repositories housing obfuscated malware. These repositories, disguised as legitimate ones, are the result of an automated process that forks genuine repositories, creating imitations with seven layers of obfuscation.
This method makes it challenging to distinguish them from authentic repositories, and to exacerbate the issue, some users unknowingly fork these malicious forks, intensifying the problem. Researchers from security firm Apiiro reveal that, while GitHub swiftly removes most of the malicious repositories through automation detection, a significant number still persist, amounting to thousands of potentially harmful repositories.
The impact of this attack extends to over 100,000 GitHub repositories, raising concerns about the security of the developer community. GitHub officials acknowledge the challenge but have yet to provide precise figures on the extent of the attack.
The method, termed “repo confusion,” relies on humans mistakenly selecting the malicious version over the authentic one. This form of supply-chain attack poses a substantial risk to the security of developer platforms, reminding the community of the ever-evolving and sophisticated tactics employed by malicious actors. The incident emphasizes the need for continuous vigilance, advanced detection mechanisms, and collaborative efforts to mitigate the risks associated with such attacks.
