Threat actors are promoting malware-laced GitHub repositories that use popular names and topics, relying on automated updates and fraudulent stars to manipulate the leading software developer platform's search rankings as part of a new open-source supply chain attack, The Hacker News reports.
Attackers have disguised most of the malicious repositories as projects related to tools, video games, and cheats. Some of these repositories triggered an encrypted file with an enlarged executable, which is aimed at deploying malware akin to the Keyzetsu clipper while bypassing antivirus detection, according to a report from Checkmarx.
"The use of malicious GitHub repositories to distribute malware is an ongoing trend that poses a significant threat to the open-source ecosystem. By exploiting GitHub's search functionality and manipulating repository properties, attackers can lure unsuspecting users into downloading and executing malicious code," said Checkmarx security researcher Yehuda Gelb.
Such findings follow a Phylum report detailing the increasing prevalence of npm spam packages meant to facilitate a sweeping automated crypto farming operation.