GitHub fights malicious code that infects more than 100,000 repositories

GitHub, the world's most popular code hosting platform, has become the target of a new cyberattack campaign that seeks to infect software developers with malware. The technique, known as a repository confusion attack, has already affected more than 100,000 projects on GitHub.

A repository is a folder where developers can store, organize, and share their code with other contributors or the GitHub community. Attackers take advantage of the trust generated by the most well-known or popular repositories to impersonate them and distribute their malicious code.

The method is as follows: the attackers copy a legitimate repository, insert the malware into it, and re-upload it to GitHub under the same name as the original. Developers who mistake the fake repository for the real one download and use it, and the malware then runs on their systems and steals sensitive information such as usernames, passwords and browsing cookies.

The malware used in these attacks is called BlackCap-Grabber. It reports back to the attackers' command and control servers, and the attackers can then use the stolen information to perform further malicious actions. Although GitHub has deleted many of these fake repositories, some remain and still pose a serious threat to users of the platform.

To protect against these attacks, the cybersecurity company Apiiro has created a malicious code detection system that uses advanced techniques, such as deep code analysis, to identify and prevent them. Apiiro also recommends that developers verify the authenticity of the repositories they download and that they use security tools such as antivirus or firewalls.
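One way to act on that recommendation, covering both the attack pattern described above (a copy re-uploaded under the original's name) and the advice to verify a repository's authenticity, is a simple lookalike check over repository metadata. This is an added example, not code from the article or from Apiiro; the organisation, repository names and metadata records are constructed, and `is_fork` mirrors the boolean fork flag GitHub exposes for a repository.

```python
"""Flag repositories that look like repo-confusion clones: the same name as a
trusted project, a different owner, and no fork link back to the original.
Added example with constructed data; not the article's or Apiiro's code."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Repo:
    owner: str
    name: str
    stars: int
    created: date
    is_fork: bool  # a GitHub fork keeps a link to upstream; a re-uploaded copy does not


# Constructed sample data: one trusted project and search hits sharing its name.
TRUSTED = {"example-org/widget-sdk"}  # hypothetical canonical repository

SEARCH_HITS = [
    Repo("example-org", "widget-sdk", 4200, date(2019, 3, 1), False),     # the real one
    Repo("dev-tools-mirror", "widget-sdk", 3, date(2024, 2, 20), False),  # re-uploaded copy
    Repo("alice", "widget-sdk", 40, date(2021, 6, 5), True),              # honest fork
]


def full_name(repo: Repo) -> str:
    return f"{repo.owner}/{repo.name}"


def suspicious_lookalikes(hits, trusted=TRUSTED):
    """Return full names of repos that share a trusted repo's name, are not that
    repo, are not declared forks, and are newer and less popular than the
    original: the repo-confusion pattern of a copy re-uploaded under a known name."""
    originals = {h.name: h for h in hits if full_name(h) in trusted}
    flagged = []
    for h in hits:
        original = originals.get(h.name)
        if original is None or h is original or h.is_fork:
            continue
        if h.created > original.created and h.stars < original.stars:
            flagged.append(full_name(h))
    return flagged


if __name__ == "__main__":
    for name in suspicious_lookalikes(SEARCH_HITS):
        print("possible repo-confusion clone:", name)
```

A real deployment would feed the function the results of a name search against the hosting platform's API instead of the constructed list, and treat a flagged hit as a reason to check the owner before cloning, not as proof of malice.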