
Apiiro discovers malicious GitHub repository confusion campaign


Apiiro researchers recently discovered a malicious repository confusion campaign that has impacted over 100,000 GitHub repositories. Matan Giladi, security researcher at Apiiro, joined me to take a deep dive into the finding. With these kinds of campaigns, bad actors can deliver any kind of payload, because victims end up running a code base that the attackers created. “They can do anything; their code is running on your machine directly, no limitations, and nothing is checking it. This is why it made so much noise,” said Giladi.

Key takeaways

Malicious repository tampering campaign

  • Researchers discover a malicious impersonation campaign targeting GitHub repositories.
  • Giladi discusses the malicious goals of attackers, including stealing credentials, adding binary executables to wallet applications, and tampering with hardware companies.
  • Giladi suspects a particular individual or group is behind these attacks, but cannot confirm until proof is available.

Software security and the importance of code analysis

  • Developers must understand code origins to prevent supply chain attacks.
  • Developers are not solely responsible for security; platforms like GitHub must also take responsibility.

GitHub security, malware detection, and developer awareness

  • GitHub does a great job of protecting its repositories.
  • Developers should be aware of security practices, and company culture plays a crucial role in preventing security incidents.

Configuring campaigns and avoiding infection

  • Developers prioritize functionality over security, making it challenging to address security issues in code.
  • Giladi advises users to check their cloned repositories for malware and to change passwords after an infection.
  • Developers can use code scanning services to detect security incidents, but existing services have limitations.
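
As an added example (not code from the interview, from Apiiro, or from GitHub), the script below puts the "understand code origins" and "check your cloned repositories" advice into a concrete check: it reads the origin URL out of a clone's `.git/config`, parses the owner and repository name, and compares the owner against an allowlist of canonical owners for known project names. A repository whose name matches a known project but whose owner does not is exactly the repository confusion pattern discussed above. The example goes one step beyond the text and also flags near-identical names (typo-squats) with `difflib`. The `TRUSTED_ORIGINS` allowlist, the helper names, and the sample `.git/config` are constructed for illustration and are not data from the Apiiro research.

```python
import difflib
import re

# Constructed allowlist for the example (not data from the Apiiro report):
# lower-cased repository name -> set of GitHub owners trusted to publish it.
TRUSTED_ORIGINS = {
    "requests": {"psf"},
    "cpython": {"python"},
    "openssl": {"openssl"},
}

# The three URL shapes git commonly writes to .git/config for a remote.
_REMOTE_PATTERNS = [
    # https://github.com/owner/repo(.git)
    re.compile(r"^https?://(?P<host>[^/]+)/(?P<owner>[^/]+)/(?P<repo>[^/]+?)(?:\.git)?/?$"),
    # ssh://git@github.com(:port)/owner/repo(.git)
    re.compile(r"^ssh://(?:[^@/]+@)?(?P<host>[^/:]+)(?::\d+)?/(?P<owner>[^/]+)/(?P<repo>[^/]+?)(?:\.git)?/?$"),
    # git@github.com:owner/repo(.git)  (scp-like syntax)
    re.compile(r"^(?:[^@/]+@)?(?P<host>[^:/]+):(?P<owner>[^/]+)/(?P<repo>[^/]+?)(?:\.git)?/?$"),
]


def parse_remote(url):
    """Return (host, owner, repo) for a git remote URL, or raise ValueError."""
    for pattern in _REMOTE_PATTERNS:
        match = pattern.match(url.strip())
        if match:
            return match["host"].lower(), match["owner"], match["repo"]
    raise ValueError(f"unrecognized remote URL: {url!r}")


def read_origin_url(git_config_text):
    """Pull the url of [remote "origin"] out of .git/config text (None if absent)."""
    section = None
    for raw in git_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section == 'remote "origin"' and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() == "url":
                return value.strip()
    return None


def assess_origin(url, trusted=TRUSTED_ORIGINS):
    """Classify where a clone came from relative to the allowlist."""
    host, owner, repo = parse_remote(url)
    result = {"host": host, "owner": owner, "repo": repo, "expected": None}
    if host != "github.com":
        result["verdict"] = "unknown-host"
        return result
    expected = trusted.get(repo.lower())
    if expected is not None:
        result["expected"] = sorted(expected)
        # GitHub owner names are case-insensitive, so compare lower-cased.
        if owner.lower() in {o.lower() for o in expected}:
            result["verdict"] = "trusted"
        else:
            # Same project name, different owner: the repo confusion pattern.
            result["verdict"] = "owner-mismatch"
        return result
    # No exact name match: look for typo-squatted / near-identical names.
    close = difflib.get_close_matches(repo.lower(), trusted.keys(), n=1, cutoff=0.8)
    if close:
        result["expected"] = sorted(trusted[close[0]])
        result["verdict"] = "lookalike-name"
    else:
        result["verdict"] = "not-in-allowlist"
    return result


def audit_git_config(git_config_text, trusted=TRUSTED_ORIGINS):
    """Audit a clone from the contents of its .git/config."""
    url = read_origin_url(git_config_text)
    if url is None:
        return {"verdict": "no-origin", "host": None, "owner": None, "repo": None, "expected": None}
    return assess_origin(url, trusted)


# Constructed sample .git/config: a clone whose origin is a copy of
# "requests" published under an unrelated account.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tfilemode = true
[remote "origin"]
\turl = https://github.com/some-random-user/requests.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[branch "main"]
\tremote = origin
\tmerge = refs/heads/main
"""

if __name__ == "__main__":
    report = audit_git_config(SAMPLE_GIT_CONFIG)
    print(f"{report['owner']}/{report['repo']}: {report['verdict']} (expected owners: {report['expected']})")
```

Run it against a real clone by passing the contents of `<repo>/.git/config` to `audit_git_config`; an `owner-mismatch` or `lookalike-name` verdict is the cue to compare the clone against the canonical upstream before building or running anything from it. The allowlist is the weak point of any such check: it only catches confusion for projects you have listed, so it complements rather than replaces looking at the code itself.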

Guest: Matan Giladi (LinkedIn)
Company: Apiiro (Twitter)
Show: Let’s Talk