More than 100,000 GitHub repositories were found to spread malicious packages

There have been reports of malware spreading campaigns detected. by security researchers at Apiiro which is malware designed to take advantage of the platform's capabilities. GitHub attacks, which began in May 2023 with "multiple" malicious packages uploaded to The official repository of Python Package Index (PyPI) can impact at least 100,000 GitHub repositories and millions more “presumably”.

The emergence of this malware injection demonstrates how bad actors can take advantage of GitHub's ability to automatically and efficiently manage fork code repositories, Apiiro said. Cybercriminals An unknown entity clones existing repos, infecting the loader with malware before they upload the compromised code back to GitHub with the same name.

GitHub provides developer-friendly APIs and tools that can be used to automatically create accounts and reports, and criminals have taken advantage of this feature to extract malicious packages uploaded thousands of times when unsuspecting developers use a cheap repo. Intruders, Apiiro researchers explained, helped spread malicious code. Most of which are modified versions of BlackCap-Grabber.

GitHub confirms that it is aware of the campaign's existence. Fighting this type of activity is easier said than done. The platform hosts over 100 million developers building across more than 420 million repositories and has a dedicated team working to detect, analyze, and remove content and accounts that violate our policies. Acceptable Use of the Platform