GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency from developer devices, researchers said.

The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An unknown party has automated a process that forks legitimate repositories, meaning the source code is copied so developers can use it in an independent project that builds on the original one. The result is millions of forks with names identical to the original one that add a payload that’s wrapped under seven layers of obfuscation. To make matters worse, some people, unaware of the malice of these imitators, are forking the forks, which adds to the flood.

“Most of the forked repos are quickly removed by GitHub, which identifies the automation,” Matan Giladi and Gil David, researchers at security firm Apiiro, wrote Wednesday. “However, the automation detection seems to miss many repos, and the ones that were uploaded manually survive. Because the whole attack chain seems to be mostly automated on a large scale, the 1% that survive still amount to thousands of malicious repos.”

arstechnica.com/security/2024/

Follow

@dangoodin

There seems to be a lot of calls from the Uk military circles we need to boost the number of troops so we are ready to counter threats from hostile states. While I agree with this, it seems that there is an equal threat from hostile states in terms of cyber attacks, which may actually be the first step in any new conflict as a cyber attack can disrupt essential infrastructure.

Calls for an increase in or cyber defenses seem to be falling on deaf ears, despite the fact criminals are now using more and more sophisticate techniques to catch victims.

If OpenAI can be sued for copyright infringement, can they be equally held accountable if their technolgy is used to inpersonate a persons voice, or images (photo, video), perhaps now they have created this technology they need to be held to account for what people use it for.

At some point in the not too distant future, I can see a situaion where a fake video leads to a miscalculation or misunderstanding that starts a much wider conflict or situation that once started can't easily be resolved.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.