An ongoing attack is causing millions of code repositories to flood GitHub, and the company is having difficulty stopping it, Ars Technica reports.
Researchers claimed that these repositories contained obfuscated malware that stole cryptocurrency and passwords from developer devices. Because the malicious repositories are copies of legitimate ones, it is difficult for the untrained eye to tell them apart. The attack stems from forking, a procedure that lets developers copy a repository's source code and use it for their own independent projects that expand upon the original. An unidentified entity has automated this procedure to fork authorized repositories automatically.

“However, the automation detection seems to miss many repos, and the ones that were uploaded manually survive. Because the whole attack chain seems to be mostly automated on a large scale, the 1% that survive still amount to thousands of malicious repos,” said Matan Giladi and Gil David, researchers at security firm Apiiro. The researchers added that more than 100,000 GitHub repositories have been affected by the hack.