> Why do they only clone new repositories, rather than popular ones? > Why do they delete a commit and push a new one every few hours?

Because this is not targetted to humans. It's targetted to agents. They just need to appear on a fraction of the searches agents do to add dependencies and get lucky a couple times to start a new infection cluster.

Then to the more interesting question: why now?

1. Agents, agents everywhere.

2. MAJOR elections happening this year in the World, including US midterms and Brazilian mains. This appears to be an account-stealer worm - and my guess is it's looking to all those sweet sweet Facebook/Instagram/Tiktok/Whatsapp accounts ready to bot their way into oblivion.

This is happening to me as well. I have a few moderately popular open source projects and I have found my name attached to new projects that I have nothing to do with or they are derivatives of my projects with redirection to unknown sites.

Legitimate projects:

https://github.com/jimmc414/onefilellm

https://github.com/jimmc414/Kosmos

https://github.com/jimmc414/cctrace

Projects using my name which I have no affiliation with or they are projects I have written that they have injected new URLs into:

https://hub.decision.ai/skills/jimmc414/benchling-integratio...

https://lobehub.com/skills/jimmc414-claude-code-plugin-marke...

https://mcpmarket.com/tools/skills/geniml-genomic-machine-le...

https://mcpmarket.com/tools/skills/biopython-for-molecular-b...

> Why do they delete a commit and push a new one every few hours?

May be to make it appear on the top of the "Last Updated" repositories in case someone searches for the repo or a keyword. So instead of the author's actual repo, the users endup cloning the trojan infected one.

Being reminded of this anecdote from NYMag's recent cover story (which had previously been reported in a WSJ story[0]) about a Disney engineer who downloaded an AI-gen tool from Github and "checked the code himself, it had looked legitimate":

https://archive.is/yAUNy

> He had no idea why the hackers had targeted him or what their plan was, whether they would drain his family’s finances or stalk his home. Eventually, after running another anti-virus program, he found a piece of malware hidden in a plug-in he had downloaded from GitHub, the open-source coding site, one day in February when he was messing around with an AI image generator. He had checked the code himself, it had looked legitimate, and others had reviewed it positively. But it seems it contained a Trojan-horse virus that gave the hackers free rein of his PC. Once inside, they just had to wait for Van Andel to log in to 1Password. From there, they were able to steal all his credentials, plus many of his multifactor-authentication codes, so every time Van Andel logged in to an app, a website, or an account, they could follow behind him. They’d had access for months.

[0] https://www.wsj.com/tech/cybersecurity/disney-employee-ai-to...

I uploaded a sample found here (https://github.com/alexct142010-cell/McBackuper ) to Genus Codes (need an account): https://genuscodes.com/results/7ad4b911d05a12f91ab27ba3baa35... Seems to be related to the disco trojan family, by way of normalized function matching at 50% to malicious file https://genuscodes.com/results/eddbc29db4677e00c1a901aadbadb... and a normalized 50% match to https://genuscodes.com/results/fdb6cff68a2a8c08779d64a7cf61d...

Virustotal link: https://www.virustotal.com/gui/file/fdb6cff68a2a8c08779d64a7...

It happened a few times to me that I'd find some very well constructed scam scheme (cryptocurrency washing systems, web platform/phishing scams), then I'd research deeper into it to see how it worked, just to ultimately feel powerless not knowing what to do with the information.

I reported a repo containing obvious nulled software to GitHub in February 2024.

The title is "nulled WHMCS" and it's a full copy of that software with copy protection removed. It couldn't be more cut and dried.

The repo is still there 2+ years later and GitHub has taken no action.

If GitHub can't respond to tickets pointing out obvious pirated software, I don't think they care about anything anyone puts up.

> I typed the project name into Google, and my repository appeared in the results. I entered the same query into Bing, and someone else’s repository appeared in the results

Side story, this kind of thing is what made me stop using Bing.

I had been using it as the default for searches (it sucks, but it's at least not Google), until I landed on a phishing page for my bank (I haven't committed it to memory yet). The page was a near perfect copy, and I would easily have gotten pwnd by it if they didn't have a modal asking me to run some code in my terminal for "security activation" that made me go "that's a little odd... Is this the right address OH SHIT that's a .ru domain"

I never see Google return phishing pages or typo squatters in the first page. Bing constantly returns that stuff in the first several results.

This is just one flavour of abuse. GitHub does NOT give a shit about the scale of the malware problem.

I've seen so many forms of malware repos working on a GitHub trends newsletter [1], mostly about crypto, NFTs, KMS, and similar stuff.

In the first runs of the project, I was so surprised by tens of malware repos that looked like trending repos. A lot of them share some common traits that made filtering feasible:

- Made by a fresh GitHub user - many created in the past few days.

- The average creation date of Stargazers accounts is very close to the repo creation date. If you take the mean time diff, those bad repos get exposed.

I reported 10s of malware repos, but then I gave up as I felt GitHub was not really doing enough to fight back. I was like... these guys don't seem to care, why should I?

God knows how many people have been abused by these malware repos on GitHub.

---

[1] https://github.com/mhadidg/gh-trends

Same thing happened to one of my repos in Feb. I wrote up the details with screenshots.

https://reducibl.com/writing/someone-used-my-repo-to-distrib...

I uploaded several of these virus-infected archives to VirusTotal. In each archive, under the “Network Communication” section, the virus makes requests to three resources: a GET request to a website to retrieve IP information, a POST request to a Polygon RPC node (drpc), and a POST request to what appears to be the virus creator’s server. I can only assume that the scheme is designed to steal cryptocurrency.

0 action.

If GitHub can't respond to tickets pointing out obvious pirated software, I don't think they care about anything anyone puts up.

I have to say, the principle that open-source software can't do anything nefarious because the source is open just hasn't held up for a lot of reasons -- including that nobody has the time to inspect the code, let alone ensure that it matches the binaries; and also that GitHub has become a distribution hub for software used by lots of people with no ability or interest in auditing the software they use.

> Another month later, GitHub support sent me an email saying that they had removed these repositories.

I recently discovered a campaign where somebody was forking very small but useful codebases, and replacing the distributable with some malware, and making the repository have better SEO with changes to the README. My case was a simple macOS application that could be used to control some Phillips LED light strip.

I reported it to GitHub and it was removed within 24 hours.

I discovered another repository like this, and they still haven't replied since (one month).

No clue how their malware reports work. I'm surprised they don't partner with some antivirus company to at least scan "releases" for malware (not repositories themselves)

People need to do their due diligence when including open-source software and packages not just when they first use them but anytime you have a need to upgrade them. I highly doubt I'm the first one to think of this, but there really aught to be tool or comprehensive set of tools that routinely scan open-source software and packages for potentially malicious code and alert users of the problem(s).

Adding a link to a malware zip? That seems pretty naive.

Where are all the training-data poisoning repositories? Those set up so the next generation LLMs will be trained to include malware in the code they generate. Isn't that the new kind of supply-chain attack that's probably happening right now?

Is this also a some kind of a Trojan/malware attack?

https://news.ycombinator.com/item?id=48594733

https://pypi.org/project/prylint/

> A Rust reimplementation of pylint that produces byte-for-byte identical output — 15–2300× faster (median ~85×).

> prylint is not "inspired by" pylint. [...] Where pylint has bugs, prylint reproduces them. Where pylint crashes, prylint reports the same crash message.

I reported 100 of them 4 months ago and they were not removed after 3 months. They just don’t care, no one answered the ticket.

Maybe GPG-signing commits helps.

A year ago a similar attack was reported and I think that there have been similar campaigns reported this year: https://github.com/evilsocket/opensnitch/discussions/1290#di...

  - This is a new repository, not a fork
  - All repositories have different contributors and different names
  From the last two points, it becomes clear that even if we find one such repository, we won’t be able to find other similar repositories using it.

In previous campaigns the repositories were linked to a few users. But those users had starred other users, that at the same time had also cloned other repositories with the malware. Sometimes the malicious repository had been cloned from another malicious repo, and if you listed the repositories and "friends" of that user, all were part of the botnet.

Also, github doesn't delete repositories and accounts, they mark them as deleted. If you use their api you can still list them.

This highlights the problem with legacy desktop OSes like Windows, Linux and MacOS: they allow a random program from Internet to get full access to the computer. Windows and Mac display a warning that the program might be malicious, but how is the user supposed to check it? Do Windows and MacOS developers expect every user to disassemble the program? That's just shifting responsibility instead of solving the root issue.

And Linux has no warning and no button to check the program with antivirus before running. How worse could it be?

In comparison, on Android and iOS there are sandboxes, and you can run any program relatively safely as long as you don't grant dangerous permissions and your kernel is not outdated. And even if you grant permissions, the malware still won't be able to read your browser cookies or the messages in your Matrix client.

Linux needs to be better that this. Linux seems to be built on presumption that you either download the code from official repository you trust, or write your own, and doesn't support safe execution of third-party or closed-source programs. For example, if you run proprietary software, it might scan through your data, silently collect your hardware identifiers (like motherboard serial number) to better track and identify you and Linux does not prevent this.

Github should be treated as a toxic waste site. I don't see it ever being secured by Microsoft.

I added keyoxide proofs everywhere. It's not really protection against victims using the wrong repo, but at least people who look can be certain that the person who controls my domain and website is the same person who controls that particular GitHub account.

I did a bit of reversing on it and it looks like it's a copy/fork of Aeternum. It takes screenshot and uploads it to a TA controlled infra, makes some eth_call via json rpc to polygon. the C2 is hosted by Organization: Standart AG, LLC (Latvia) ASN: AS207957

> Why do they delete a commit and push a new one every few hours?

Maybe they want to get into "trending" section, or to have higher position in search results (maybe Github or Google prioritizes repositories updated recently)?

Similar case:

https://news.ycombinator.com/item?id=43203158

https://timsh.org/github-scam-investigation-thousands-of-mod...

It will feel very spooky when they stop updating because of this essay .

This is a failure of malware flagging systems as well - VT should not return clean if there are any downstream files that are malicious - such as in this case.

>The zip archive contains 4 files: Application.cmd or Launcher.cmd loader.exe or luajit.exe or another_name.exe random_name.cso or random_name.txt lua51.dll If you submit a link to the archive to VirusTotal, it will find 0 viruses. If you submit the zip file itself, it will detect a Trojan inside it.

MS Windows

The scary part is how easily malicious repos can blend in with legitimate open-source projects

Any open source tool to scan a github repo before download/install it locally? I'm thinking of semgrep or socket.dev but I wonder if there's a better option

Can anyone tell me if there are similar risks installing software using Brew on macos? I would imagine so.

I got some source code leaked and added a malware on top of it. Not sure what to do with it

This is what it is used for:

https://dev.to/andersoncontreira/warning-to-developers-a-new...

A “recruiter” (sometimes pretending to be a CEO/HR) contacts you. The job looks amazing — above-market salary, remote position, paid in USD, etc. They ask for your CV and GitHub. They say you’re “approved for the next stage” without any real interview. Before the call, they send you a codebase to review or modify as a “technical test.”

When I get one of these, I automatically spin up a cloned VM, and test it there, which for the most part it gets infected immediately. as I watch the VM connect to odd places ( C&C computers ) for which I add any names/IP addresses to my host file, and then spin up another cloned VM, with the adjustments to the hosts file, and watch the malware get all lonely... but once, it was able to escape the VM... so I had to scramble to disinfect both the RM and the VM, and then update, and look around for hardening tools.

Its satisfying to delete an infected VM, with a "Not this time Jack."

is it possible to ban them or report them ?

are there any ci/cd that controls them?

You guys, I think maybe THIS is the Bad Place.

Microsoft: and the one thing we absolutely refuse to use AI for is to flag this kind of bullshit to protect users, because it would violate the rule of "don't do anything actually useful with it".

[flagged]

[flagged]

[dead]

[dead]

[flagged]

[dead]

[dead]

damn 10k ? thats a lot, how did you get them ?

the en-ghettofication of american tech, down to its very open source control projects. a digital ghetto ill maintained if at all.

Hi Claude fable, why u not protecting me from malware? Am i not american enough? Not rich enough? Yieks..