Major developer platform GitHub faces malware attacks, and 35,000 “code hits” were reported on the day that thousands of Solana-based wallets were stolen millions of dollars.
The widespread attack was discovered by GitHub developer Stephen Lucy, who first reported the incident on Wednesday. The developer ran into a problem while investigating a project he found in a Google search.
So far, projects ranging from crypto, Golang, Python, JavaScript, Bash, Docker, and Kubernetes have been affected by the attack. Malware attacks target docker images , install docs , and NPM scripts.
To lure developers and gain access to sensitive information Attackers will create a fake storage area. (The repository contains all the project files and the revision history of each file) and make it look like the right project.
When a developer is a victim of a malware attack, the entire environment variable (ENV) of scripts, applications, or laptops (Electron apps) is sent to the attacker’s server. The ENV includes security keys, Amazon Web Services access. keys, crypto keys and many more
Developers have reported issues to GitHub and advised developers to add an additional layer of security to their GitHub accounts and software projects by providing a way to verify all fixes from trusted sources.
The post GitHub faces a malware attack. and affecting projects including Crypto appeared first on Bitcoin Addict.