Github, an open-source software repositories platform, hosts many software development projects and files, making it the go-to website in terms of documentation and download channel for developers worldwide. These past few years, threat actors and cybercriminals abused and leveraged these accessible repositories to successfully distribute and host some Malware and malicious script components.
In the latest cybersecurity report, the researcher reveals that about 17% of all the software bugs found uploaded in GitHub were placed intentionally by cyberattackers to work as their backdoor entry point.
Majority of the discovered backdoor codes came from npm package manager for NodeJS as it affected many software projects package.
GitHub has been trending as a successful starting point of attack vectors, because of this as aside from backdoor codes, it is also being abused as one of the cybercriminal’s channels to host Malware.
- A newer variant of Gitpaste-12 Botnet that returned 31 exploits in a report using GitHub and Pastebin in storing malicious code components
- A botnet named PGMiner has downloaded the static curl binary to carry out its tasks from GitHub until finally sending it on a Monero mining malware.
- And another new strain of Malware associated with MuddyWater APT group has been discovered. The group uses Word file with embedded macros that will download a PowerShell script hosted in GitHub when ran. The said script was used later to download an image file for a Cobalt Strike script coded for Windows Operating Systems.
Even though this angle of attack on software developers and software development projects is not new. At current times, hackers and threat actors will prove that they will abuse well-known services and platforms as starting attack vector. The hidden malicious codes and scripts added on hosted repositories is stealthy and can hide under the radar for years. This can result in future theft of valuable private information and intellectual property and hijacking an organization’s network and infrastructure systems to carry out a cyber-attack.