HomeBitcoinMultiple malware attacks are affecting GitHub projects, including cryptocurrency projects.

Multiple malware attacks are affecting GitHub projects, including cryptocurrency projects.


The developer who discovered the vulnerability asked other developers to sign their revisions using the GPG key so that the project’s revision history could be checked.

On a day when thousands of wallets with Solana addresses had millions of dollars’ worth of funds stolen, the important developer platform GitHub came under a pervasive malware attack and reported 35,000 “code hits.”

Stephen Lucy, a GitHub developer who first reported the incident earlier on Wednesday, highlighted the attack’s broad reach. The problem was discovered by the developer as he was looking over a project that he had located via Google.

The attack has so far been discovered to affect a number of projects, including crypto, Golang, Python, JavaScript, Bash, Docker, and Kubernetes. The NPM script, a convenient way to group common shell commands for a project, the install documentation, and the docker images are the targets of the malware attack.

The attacker first makes a fake repository (a repository contains all of the project’s files and each file’s revision history) and pushes clones of legitimate projects to GitHub in order to trick developers and gain access to crucial data. The following two screenshots, for instance, display this legitimate crypto miner project and its clone.

Original crypto mining project. Source: Github

Cloned crypto mining project. Source: Github

These “pull requests,” which permit developers to inform others about changes they have pushed to a branch in a repository on GitHub, were used to push many of these clone repositories.

The entire environment variable (ENV) of the script, application, or laptop (Electron apps) is sent to the attacker’s server as soon as the developer succumbs to the malware attack. The ENV contains a variety of keys, such as access keys for Amazon Web Services, crypto keys, and security keys.

The problem has been reported to GitHub by the developer, who also gave developers the advice to GPG-sign any revisions they make to the repository. GPG keys provide a way to confirm that all revisions come from a reputable source, adding an extra layer of security to GitHub accounts and software projects.


Leave a Reply


For its international payments, Russia is experimenting with a CBDC.

According to reports, Russia intends to develop and use a digital currency for settlements with China. The pilot project for this new currency should be...

The Original name of Bitcoin was actually Something Else.

Finding a name for your technological gem is just as important as creating it. Weinberger, a bitcoin engineer and enthusiast, believes he has found a...

The SEC v. Ripple lawsuit grants Chamber of Digital Commerce permission to participate.

The crypto advocacy group is given "the friend of the court" status. The Chamber of Digital Commerce (CDC), a U.S. advocacy group for cryptocurrencies, has been...

Chinese bans are useless, BTC does not stop.

As Bitcoin trades at $19,275, up 1,822%, the atmosphere is still tight in the cryptocurrency market ahead of the Fed’s interest rate announcement today. However, the...

Follow us


Most Popular

%d bloggers like this: