Alert! Kaspersky Finds Hidden Malware in GitHub and GitLab Links
JAKARTA - GitHub and GitLab are software development platforms where developers can upload their code, and other developers can offer additions, improvements, or even create alternative forks of apps.
If users find bugs in an application, they can report them to the developer by creating a problem report. Other users can then confirm the problem in the comments.
If necessary, you can attach files to comments, such as screenshots showing errors or documents that crash the app.
However, GitHub has a peculiarity: if a user starts a comment and uploads an accompanying file but doesn't click "Publish", the information remains "trapped" in the draft and is not visible to the app owner or other GitHub users.
Yet the direct link to the uploaded file remains and is fully functional: anyone who follows it receives the file from GitHub's CDN.
Because arbitrary files can be published at links that contain the word GitHub along with the names of leading developers and popular projects, cybercriminals have an opportunity to carry out phishing attacks.
Kaspersky found a dangerous campaign in which researchers saw a comment in a Microsoft repository that allegedly contained a cheat app for a game.
“A vigilant user might wonder why a game cheat is in a Microsoft repository: https://github{.}com/microsoft/vcpkg/files/…../Cheat.Lab.zip. But most likely the keywords “GitHub” and “Microsoft” will reassure the victim, so they will not worry about the link any further,” said the cybersecurity company.
Meanwhile, the owner of the repository where the file was posted in the comments cannot delete or block it. They do not even know about it.
"Smarter cybercriminals may disguise malware more carefully, for example by displaying it as a new version of the app distributed via GitHub or GitLab and posting links via comments on the app," he continued.
The only solution is to completely disable comments (on GitHub, you can do this for up to six months), but this deprives the developer of feedback.
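On the receiving side, the path shape of the Microsoft link quoted above can be checked mechanically when triaging links from mail or proxy logs. The Python classifier below is an added example, not code from Kaspersky or GitHub; it assumes the comment-upload path has the form /<owner>/<repo>/files/<id>/<name> as in the quoted link, and the labels, extension list and sample links are constructed for illustration.

```python
import os
import re
from urllib.parse import unquote, urlsplit

# Defanged dots as written in reports, e.g. github{.}com or github[.]com
_DEFANGED_DOT = re.compile(r"[\[{(]\.[\]})]")
# Assumption: extensions worth escalating; tune to local policy.
RISKY_EXT = {".zip", ".rar", ".7z", ".iso", ".exe", ".msi", ".scr", ".lnk", ".js"}

def refang(url):
    """Turn a defanged URL back into a parseable one."""
    url = _DEFANGED_DOT.sub(".", url.strip())
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url if "://" in url else "https://" + url

def classify_github_link(url):
    """Return (label, detail) describing who could have put the file there."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    if host not in ("github.com", "www.github.com"):
        return ("not-github", host)  # look-alike hosts end up here
    seg = [unquote(s) for s in parts.path.split("/") if s]
    if len(seg) < 3:
        return ("repo-page", "/".join(seg))
    owner, repo, kind = seg[0], seg[1], seg[2]
    # /<owner>/<repo>/files/<id>/<name>: the comment-upload path shown in the article
    if kind == "files" and len(seg) >= 5:
        name = seg[-1]
        ext = os.path.splitext(name)[1].lower()
        label = "comment-attachment-risky" if ext in RISKY_EXT else "comment-attachment"
        return (label, f"{name}: uploaded via a comment box on {owner}/{repo}, "
                       "not necessarily by its maintainers")
    # Release downloads are published by people with write access to the repository.
    if kind == "releases" and seg[3:4] == ["download"]:
        return ("release-asset", f"{owner}/{repo} release file {seg[-1]}")
    return ("other", "/".join(seg[2:]))

# Constructed sample links (placeholder owner, repository and upload id).
SAMPLES = [
    "hxxps://github{.}com/example-org/example-repo/files/00000000/Tool.Update.zip",
    "https://github.com/example-org/example-repo/files/00000000/crash-log.txt",
    "https://github.com/example-org/example-repo/releases/download/v1.0/tool.zip",
    "https://github.com.downloads.example/example-org/example-repo/files/1/a.zip",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify_github_link(link), link)
```

A "comment-attachment" label says only that the repository name in the link does not vouch for the file; the file itself still needs scanning.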