• Market Cap: $1,143,665,298,264.83
  • 24h Vol: $29,732,777,859.74
  • BTC Dominance: 44.85%
XBT.Market
Advertisement
  • Home
  • Coins MarketCap
  • Crypto Exchanges
  • Crypto Calculator
  • Top Gainers and Loser
  • News
  • Contact Us
No Result
View All Result
XBT.Market
No Result
View All Result
Home Bitcoin

GitHub faces widespread malware attacks affecting projects, including crypto

Jon Hartney by Jon Hartney
August 3, 2022
in Bitcoin, Blockchain, Business, Market
0
Why is there so much uncertainty in the crypto market right now? | Market Talks with Crypto Jebb and Crypto Wendy O
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter

The developer who found the vulnerability requested developers to sign their revisions with the GPG key to ensure all their revisions on the project can be verified.

Major developer platform GitHub faced a widespread malware attack and reported 35,000 “code hits” on a day that saw thousands of Solana-based wallets drained for millions of dollars.

The widespread attack was highlighted by GitHub developer Stephen Lucy who first reported the incident earlier on Aug. 3. The developer came across the issue while reviewing a project he found on a Google search.

Related articles

US Justice Department charges two men in Mt. Gox Hack

US Justice Department charges two men in Mt. Gox Hack

June 9, 2023
Real-World Asset protocols outperform DeFi blue-chips due to tokenization wave

Real-World Asset protocols outperform DeFi blue-chips due to tokenization wave

June 9, 2023

I am uncovering what seems to be a massive widespread malware attack on @github.

– Currently over 35k repositories are infected
– So far found in projects including: crypto, golang, python, js, bash, docker, k8s
– It is added to npm scripts, docker images and install docs pic.twitter.com/rq3CBDw3r9

— Stephen Lacy (@stephenlacy) August 3, 2022

So far, various projects from crypto, Golang, Python, js, Bash, Docker and Kubernetes were found to be affected by the attack. The malware attack is targeted at the docker images, install docs and npm script, which is a convenient way to bundle common shell commands for a project.

To dupe developers and access critical data, the attacker first creates a fake repository (a repository contains all of the project’s files and each file’s revision history) and pushes clones of legit projects to GitHub. For example, the following two snapshots show this legit crypto miner project and its clone.

Original Crypto Mining Project Source: Github
Cloned Crypto Mining Project Source: Github

Many of these clone repositories were pushed as “pull requests.” Pull requests let developers tell others about changes they have pushed to a branch in a repository on GitHub.

Related: Nomad reportedly ignored security vulnerability that led to $190M exploit

Once the developer falls prey to the malware attack, the entire environment variable (ENV) of the script, application, or laptop (electron apps), is sent to the attacker’s server. ENV includes security keys, AWS access keys, crypto keys and much more.

The developer has reported the issue to GitHub and advised developers to GPG sign their revisions made to the repository. GPG keys add an extra layer of security to your GitHub accounts and software projects by providing a way of verifying all revisions come from a trusted source

Read Entire Article
Tags: CointelegraphCryptocurrencyInvestmentMining Bitcoin
Share76Tweet47

Related Posts

US Justice Department charges two men in Mt. Gox Hack

US Justice Department charges two men in Mt. Gox Hack

by Jon Hartney
June 9, 2023
0

The Justice Department claims Alexey Bilyuchenko and Aleksandr Verner took control of a Mt Gox server and stole 647,000

Real-World Asset protocols outperform DeFi blue-chips due to tokenization wave

Real-World Asset protocols outperform DeFi blue-chips due to tokenization wave

by Jon Hartney
June 9, 2023
0

Traditional finance companies are boosting their engagement with Ethereum-based real-world asset protocols, resulting

DeFi volumes surge 444% after Binance, Coinbase lawsuits: Finance Redefined

DeFi volumes surge 444% after Binance, Coinbase lawsuits: Finance Redefined

by Jon Hartney
June 9, 2023
0

The top-100 DeFi tokens by market capitalization had a bearish week as the total value locked in these protocols fell

Argentina Ready To Support Bitcoin With Gathering And Event In Buenos Aires

Argentina Ready To Support Bitcoin With Gathering And Event In Buenos Aires

by Jon Hartney
June 9, 2023
0

Bitcoin Argentina, an NGO dedicated to bitcoin adoption in the country, is hosting an event that promises to be a

WikiLeaks Founder Julian Assange Facing Extradition After Losing Challenge

WikiLeaks Founder Julian Assange Facing Extradition After Losing Challenge

by Jon Hartney
June 9, 2023
0

The loss is an indication that further challenges will be difficult, although Assange plans to renew his appeal next

Load More
  • Trending
  • Comments
  • Latest
NEXO risks 50% drop due to regulatory pressure and investor concerns

NEXO risks 50% drop due to regulatory pressure and investor concerns

September 30, 2022
51% of Ethereum blocks are now compliant with OFAC standards, raising censorship concerns

51% of Ethereum blocks are now compliant with OFAC standards, raising censorship concerns

October 14, 2022
All aboard! Elon Musk’s Vegas Loop now taking Dogecoin payments

All aboard! Elon Musk’s Vegas Loop now taking Dogecoin payments

July 7, 2022
Zero-knowledge KYC could solve the privacy vs compliance conundrum: VC partner

Zero-knowledge KYC could solve the privacy vs compliance conundrum: VC partner

October 11, 2022
All aboard! Elon Musk’s Vegas Loop now taking Dogecoin payments

All aboard! Elon Musk’s Vegas Loop now taking Dogecoin payments

0
Crypto owners banned from working on US Government crypto policies

Crypto owners banned from working on US Government crypto policies

0
Korean startup Uprise lost $20M shorting LUNC

Korean startup Uprise lost $20M shorting LUNC

0
Ethereum testnet Merge mostly successful — ‘Hiccups will not delay the Merge.’

Ethereum testnet Merge mostly successful — ‘Hiccups will not delay the Merge.’

0
US Justice Department charges two men in Mt. Gox Hack

US Justice Department charges two men in Mt. Gox Hack

June 9, 2023
Real-World Asset protocols outperform DeFi blue-chips due to tokenization wave

Real-World Asset protocols outperform DeFi blue-chips due to tokenization wave

June 9, 2023
DeFi volumes surge 444% after Binance, Coinbase lawsuits: Finance Redefined

DeFi volumes surge 444% after Binance, Coinbase lawsuits: Finance Redefined

June 9, 2023
Argentina Ready To Support Bitcoin With Gathering And Event In Buenos Aires

Argentina Ready To Support Bitcoin With Gathering And Event In Buenos Aires

June 9, 2023

XBT.Market

This website is an automated news feed powered by the Nebulome cloud system. The site is made possible by YYC TECH Consulting and Alberta Digital Mining Company. As a team with major crypto and bitcoin enthusiasm, we have curated major sources of news, trading and financial data to bring you, our viewer, an unbiased source of truth.

Recent Posts

  • US Justice Department charges two men in Mt. Gox Hack June 9, 2023
  • Real-World Asset protocols outperform DeFi blue-chips due to tokenization wave June 9, 2023
  • DeFi volumes surge 444% after Binance, Coinbase lawsuits: Finance Redefined June 9, 2023
  • Argentina Ready To Support Bitcoin With Gathering And Event In Buenos Aires June 9, 2023
  • WikiLeaks Founder Julian Assange Facing Extradition After Losing Challenge June 9, 2023

News Categories

  • Bitcoin
  • Blockchain
  • Business
  • Market

Tags

bitcoinMagzine Cointelegraph Cryptocurrency insidebitcoins Investment Mining Bitcoin NewsBTC

Quicklinks

  • Home
  • Coins MarketCap
  • Crypto Exchanges
  • Crypto Calculator
  • Top Gainers and Loser
  • News
  • Contact Us

© 2022 Xbt.Market - Powered by YYC Tech Consulting & ADMCO.

No Result
View All Result
  • Home
  • Coins MarketCap
  • Crypto Exchanges
  • Crypto Calculator
  • Top Gainers and Loser
  • News
  • Contact Us

© 2022 Xbt.Market by Nebulome.

  • bitcoinBitcoin(BTC)$26,441.00-0.70%
  • ethereumEthereum(ETH)$1,835.00-0.94%
  • USDEXUSDEX(USDEX)$1.07-0.53%
  • tetherTether(USDT)$1.00-0.03%
  • binancecoinBNB(BNB)$260.76-1.47%
  • usd-coinUSD Coin(USDC)$1.00-0.03%
  • rippleXRP(XRP)$0.542.15%
  • staked-etherLido Staked Ether(STETH)$1,832.91-0.94%
  • cardanoCardano(ADA)$0.301526-7.35%
  • dogecoinDogecoin(DOGE)$0.0686190.84%
  • solanaSolana(SOL)$17.54-7.73%
  • matic-networkPolygon(MATIC)$0.73-6.10%
  • litecoinLitecoin(LTC)$89.370.87%
  • tronTRON(TRX)$0.072237-7.33%
  • polkadotPolkadot(DOT)$4.98-0.97%
  • binance-usdBinance USD(BUSD)$1.00-0.05%
  • avalanche-2Avalanche(AVAX)$13.78-1.72%
  • shiba-inuShiba Inu(SHIB)$0.000008-1.44%
  • daiDai(DAI)$1.000.10%
  • wrapped-bitcoinWrapped Bitcoin(WBTC)$26,425.00-0.79%
  • uniswapUniswap(UNI)$4.58-1.35%
  • leo-tokenLEO Token(LEO)$3.51-1.02%
  • chainlinkChainlink(LINK)$5.96-1.03%
  • cosmosCosmos Hub(ATOM)$9.22-3.03%
  • okbOKB(OKB)$44.840.35%
  • moneroMonero(XMR)$142.68-0.13%
  • Aerarium FiAerarium Fi(AERA)$7.14-13.11%
  • ToncoinToncoin(TON)$1.68-0.19%
  • ethereum-classicEthereum Classic(ETC)$16.92-0.60%
  • stellarStellar(XLM)$0.0882101.00%
  • bitcoin-cashBitcoin Cash(BCH)$110.37-1.25%
  • true-usdTrueUSD(TUSD)$1.00-0.10%
  • lido-daoLido DAO(LDO)$2.19-0.01%
  • internet-computerInternet Computer(ICP)$4.210.33%
  • filecoinFilecoin(FIL)$4.01-2.69%
  • quant-networkQuant(QNT)$107.51-3.26%
  • hedera-hashgraphHedera(HBAR)$0.048127-0.93%
  • crypto-com-chainCronos(CRO)$0.057942-1.93%
  • AptosAptos(APT)$7.35-4.45%
  • GGTKNGGTKN(GGTKN)$0.1121180.75%
  • ArbitrumArbitrum(ARB)$1.13-0.47%
  • nearNEAR Protocol(NEAR)$1.39-2.26%
  • vechainVeChain(VET)$0.017054-5.14%
  • apecoinApeCoin(APE)$2.82-3.24%
  • paxos-standardPax Dollar(USDP)$1.00-0.06%
  • fraxFrax(FRAX)$1.00-0.09%
  • EdgecoinEdgecoin(EDGT)$1.00-0.03%
  • the-graphThe Graph(GRT)$0.110658-2.99%
  • BSCEXBSCEX(BSCX)$261.1683.49%
  • eosEOS(EOS)$0.89-0.29%
  • rocket-poolRocket Pool(RPL)$47.32-0.46%
  • algorandAlgorand(ALGO)$0.1240890.00%
  • elrond-erd-2MultiversX(EGLD)$34.66-1.25%
  • blockstackStacks(STX)$0.64-2.99%
  • the-sandboxThe Sandbox(SAND)$0.471320-3.83%
  • Rocket Pool ETHRocket Pool ETH(RETH)$1,971.89-0.89%
  • aaveAave(AAVE)$59.80-0.43%
  • optimismOptimism(OP)$1.33-4.41%
  • render-tokenRender(RNDR)$2.26-0.22%
  • fantomFantom(FTM)$0.286675-3.76%
  • tezosTezos(XTZ)$0.82-1.96%
  • theta-tokenTheta Network(THETA)$0.75-1.94%
  • usddUSDD(USDD)$1.00-0.09%
  • decentralandDecentraland(MANA)$0.405783-3.75%
  • immutable-xImmutableX(IMX)$0.730.41%
  • Bitget TokenBitget Token(BGB)$0.504.52%
  • axie-infinityAxie Infinity(AXS)$6.04-3.60%
  • BitDAOBitDAO(BIT)$0.477722-0.73%
  • WhiteBIT TokenWhiteBIT Token(WBT)$4.820.04%
  • radixRadix(XRD)$0.066945-0.74%
  • havvenSynthetix Network(SNX)$2.04-1.40%
  • kucoin-sharesKuCoin(KCS)$6.70-1.49%
  • flowFlow(FLOW)$0.62-2.65%
  • neoNEO(NEO)$8.97-1.48%
  • CloutContractsCloutContracts(CCS)$52.461,000.00%
  • curve-dao-tokenCurve DAO(CRV)$0.76-1.11%
  • galaGALA(GALA)$0.025647-2.05%
  • terra-lunaTerra Luna Classic(LUNC)$0.000100-1.54%
  • bitcoin-cash-svBitcoin SV(BSV)$30.00-0.98%
  • gatechain-tokenGate(GT)$4.172.36%
  • gemini-dollarGemini Dollar(GUSD)$1.00-0.20%
  • makerMaker(MKR)$623.84-0.65%
  • injective-protocolInjective(INJ)$6.88-1.92%
  • kavaKava(KAVA)$0.94-5.71%
  • marumaruNFTmarumaruNFT(MARU)$0.24991121.40%
  • klay-tokenKlaytn(KLAY)$0.1634010.33%
  • bittorrentBitTorrent(BTT)$0.000001-0.75%
  • pax-goldPAX Gold(PAXG)$1,921.46-0.45%
  • Tokenize XchangeTokenize Xchange(TKX)$6.15-0.13%
  • xdce-crowd-saleXDC Network(XDC)$0.0354832.39%
  • iotaIOTA(MIOTA)$0.176568-2.15%
  • tether-goldTether Gold(XAUT)$1,961.14-0.11%
  • PepePepe(PEPE)$0.0000014.59%
  • casper-networkCasper Network(CSPR)$0.043261-1.79%
  • compound-ethercETH(CETH)$36.79-0.83%
  • huobi-tokenHuobi(HT)$2.921.43%
  • conflux-tokenConflux(CFX)$0.224838-4.01%
  • chilizChiliz(CHZ)$0.086883-1.23%
  • binaryxBinaryX(BNX)$165.90-5.97%
  • gmxGMX(GMX)$51.09-1.36%