Beware: Hackers Exploit GitHub to Distribute Malware via Microsoft Repo URLs

ChrisJohn86

In a disturbing turn of events, hackers have used a GitHub vulnerability to distribute malware via URLs associated with Microsoft repositories, posing a substantial risk to users. McAfee recently discovered a new malware loader transmitted via seemingly genuine Microsoft GitHub sources, including the STL library and C++ Library Manager for Windows, macOS, and Linux (vcpkg).

These malware installers masquerade as Microsoft repo URLs, but they contain no references to the project's source code, indicating questionable activity. These malicious files were not part of the official repositories, but were instead published as attachments to comments on bugs or contributions in the projects.

The functionality on GitHub that allows users to attach files to comments unwittingly encouraged this nefarious action, as the files were uploaded to GitHub's Content Delivery Network (CDN) and linked to the appropriate project via unique URLs. Even if the comments are erased, the files can still be accessed via the created URLs, indicating a serious weakness in GitHub's security.

Even though GitHub has taken steps to remove the malware tied to Microsoft repositories, additional malware variants associated with Aimmy and httprouter remain.

If you want to protect your reputation and don't want your account and repositories to be abused, the only way is to disable comments on your project. However, according to the GitHub support document, you can only disable comments for six months at a time.
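A defender-side check for the behaviour described in the post above, added here as an example and not part of the original post: it scans proxy-log lines and flags GitHub URLs that point at comment attachments rather than repository content. It assumes attachment URLs take the form `https://github.com/<owner>/<repo>/files/<id>/<filename>`, a path shape the post does not state; the log lines, names and ids are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumption (not stated in the post): comment attachments are served under
# /<owner>/<repo>/files/<numeric id>/<filename>, while repository content
# lives under /blob/, /raw/, /tree/, /archive/ or /releases/download/.
ATTACHMENT = re.compile(r"^/([^/]+)/([^/]+)/files/(\d+)/([^/]+)$")
REPO_CONTENT = re.compile(
    r"^/[^/]+/[^/]+/(blob|raw|tree|archive|releases/download)/.+")
RISKY_EXT = (".zip", ".exe", ".msi", ".7z", ".rar", ".scr", ".dll", ".lnk")

def classify(url):
    """Label a URL by what it serves, judging host and path, not the repo name."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Exact host match, so look-alike hosts such as github.com.evil.example fail.
    if parts.scheme != "https" or host != "github.com":
        return {"verdict": "not-github", "url": url}
    m = ATTACHMENT.match(parts.path)
    if m:
        owner, repo, _file_id, name = m.groups()
        return {"verdict": "comment-attachment", "owner": owner, "repo": repo,
                "file": name, "risky_ext": name.lower().endswith(RISKY_EXT),
                "url": url}
    if REPO_CONTENT.match(parts.path):
        return {"verdict": "repo-content", "url": url}
    return {"verdict": "other-github", "url": url}

def flag_attachments(lines):
    """Return a classification for every comment-attachment URL in the lines."""
    hits = []
    for line in lines:
        for url in re.findall(r"https?://[^\s\"'<>]+", line):
            result = classify(url)
            if result["verdict"] == "comment-attachment":
                hits.append(result)
    return hits

# Constructed proxy-log lines; owner, repo and file ids are placeholders.
SAMPLE_LOG = [
    "10:01:02 GET https://github.com/example-org/example-repo/blob/main/README.md 200",
    "10:01:09 GET https://github.com/example-org/example-repo/files/12345678/Tool.zip 200",
    "10:02:30 GET https://github.com/example-org/example-repo/releases/download/v1.0/app.tar.gz 200",
    "10:03:11 GET https://github.com.evil.example/example-org/example-repo/files/1/x.zip 200",
]

if __name__ == "__main__":
    for hit in flag_attachments(SAMPLE_LOG):
        print(hit)
```

A hit means only that the file came from a comment attachment, which any GitHub user can upload, so the owner and repository in the URL say nothing about who published it.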
 
