Software developer Stephen Lacy identified a malicious URL in the code of an open source project on GitHub that he found through a Google search.
BleepingComputer searched GitHub and found over 35,000 results displaying files that contain that URL, with more than 13,000 of those search results from a single repository called "redhat-operator-ecosystem." That repository has since been removed from GitHub.
Software developer James Tucker found that cloned repositories containing the malicious URL exfiltrated a user's environment variables, which could put such things as API keys, tokens, Amazon AWS credentials, and crypto keys at risk. The clones also included a one-time backdoor that could enable remote attackers to execute arbitrary code on the systems of users who install and run them. The malicious clones have since been removed from GitHub.
From Bleeping Computer
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA