Security News > 2022 > August > 35,000 code repos not hacked—but clones flood GitHub to serve malware
Thousands of GitHub repositories were forked with their clones altered to include malware, a software engineer discovered today.
While cloning open source repositories is a common development practice and even encouraged among developers, this case involves threat actors creating copies of legitimate projects but tainting these with malicious code to target unsuspecting developers with their malicious clones.
The single-line instruction further allows remote attackers to execute arbitrary code on systems of all those who install and run these malicious clones.
The most recent commits containing the malicious URL made to GitHub today are mostly from defenders, including threat intel analyst Florian Roth who has provided Sigma rules for detecting the malicious code in your environment.
Ironically, some GitHub users began erroneously reporting Sigma's GitHub repo, maintained by Roth, as malicious on seeing the presence of malicious strings inside Sigma rules.
GitHub has removed the malicious clones from its platform as of a few hours ago, BleepingComputer can observe.