Thursday , February 22 2018
Menu
Home / Cyber Security / GitHub Users Targeted by Malware

GitHub Users Targeted by Malware

Apart from cost, a great attraction of open-source software is the very fact that it is open–you may inspect the code for malicious content and determine whether or not you’re comfortable including it in your project. That’s a lot of work, though, and many people don’t do it, taking on trust that the transparency and self-regulated nature of the open source community means that “someone, somewhere must have checked this out, right?”

GitHub, of course, is fast becoming the de facto repository of the open-source movement, with usage statistics placing it well ahead of older favorites like Codeplex and SourceForge (link to https://www.software.ac.uk/resources/guides/choosing-repository-your-software-project for details).

This hasn’t gone unnoticed by the bad guys, with an interesting new trend for malware targeted at developers on GitHub. Why target developers? Because they will likely also have access to privileged accounts on systems and other information of use to hackers. Compromising a developer can result in significantly more rewards for a malicious actor.

READER BE AWARE: The research note linked to below contains example code, and may trigger alerts from security software in your browser, or if copied/pasted to an email or other document. This doesn’t indicate an attack, but rather that potentially malicious code has been identified. As ever, though, we do recommend that you protect your systems with correctly installed and maintained anti-virus and anti-malware tools. Here is the link: http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/

About Gavin Martin

Information systems architect / technical design authority with over 20 years experience delivering small-scale through enterprise systems to commercial, finance and government customers.

Check Also

Fake Patches Exploit Spectre, Meltdown Fears

Security research company Malwarebytes has spotted an early exploit of the Spectre and Meltdown vulnerabilities–but …

Leave a Reply

Your email address will not be published. Required fields are marked *

Sorry, but this content
is for our subscribers only!

But subscribing to ACCELERATING IT SUCCESS is FREE and only one click away!
Join more than 40,000 IT Professionals and get the best IT management articles to your mailbox with Accelerating IT Success!

Unsubscribe at any time