GitHub invites hackers for repojacking
San Francisco, Oct. 30, 2022
GitHub has patched a bug that allowed hackers to hijack other people’s repositories through a method known as repojacking. Repojacking is a technique threat actors use to break into GitHub repositories: they register an account under an old username that previously belonged to someone else. In doing so they take over the repository names that belonged to the old account, and anything that still links to those names can be used to distribute malware automatically.
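The defender-side counterpart to the technique described above is an audit of your own dependency manifests for GitHub references that no longer point where they did when they were written. The following Python script is an added example and is not part of the original article or GitHub's own tooling. It extracts `github.com/<owner>/<repo>` references from manifest lines and asks a resolver where each name leads today; the resolver here is a constructed lookup table (`CONSTRUCTED_STATE`) standing in for a live check, and the manifest excerpts are constructed as well. A reference that is only served by a redirect from a retired name, or that is missing entirely, is exactly the kind of link an attacker could capture by re-registering the old username.

```python
import re
from typing import Callable, Dict, Iterable, List, Optional, Tuple

Ref = Tuple[str, str]  # (owner, repo)

# Matches github.com/<owner>/<repo> references as they appear in common
# dependency manifests (go.mod, requirements.txt git URLs, package.json URLs).
GITHUB_REF = re.compile(
    r"github\.com[:/](?P<owner>[A-Za-z0-9_.-]+)/(?P<repo>[A-Za-z0-9_.-]+?)"
    r"(?:\.git)?(?=[/@#\s\"',]|$)"
)


def extract_github_refs(lines: Iterable[str]) -> List[Ref]:
    """Return every distinct (owner, repo) pair referenced in the manifest lines."""
    refs: List[Ref] = []
    for line in lines:
        for m in GITHUB_REF.finditer(line):
            ref = (m.group("owner"), m.group("repo"))
            if ref not in refs:
                refs.append(ref)
    return refs


# A resolver answers: where does github.com/<owner>/<repo> lead today?
# It returns the current (owner, repo) if the name still resolves (possibly via
# a rename/transfer redirect) or None if nothing is there any more.
Resolver = Callable[[str, str], Optional[Ref]]

# Constructed sample state standing in for a live lookup (not real GitHub data).
CONSTRUCTED_STATE: Dict[Ref, Optional[Ref]] = {
    ("old-user", "widget"): ("new-org", "widget"),  # renamed/transferred: only a redirect remains
    ("acme", "tool"): ("acme", "tool"),             # unchanged
    ("gone-user", "lib"): None,                     # account and repository deleted
}


def table_resolver(owner: str, repo: str) -> Optional[Ref]:
    """Offline stand-in for a live resolver, backed by CONSTRUCTED_STATE (hypothetical)."""
    if (owner, repo) in CONSTRUCTED_STATE:
        return CONSTRUCTED_STATE[(owner, repo)]
    return (owner, repo)  # unknown to the table: assume it still resolves as written


def classify(ref: Ref, resolved: Optional[Ref]) -> str:
    """Map a reference and its current target to a risk label."""
    if resolved is None:
        return "missing"      # dead link: whoever claims the name next controls it
    if resolved != ref:
        return "redirected"   # served only via a redirect from a retired name
    return "ok"


def audit_manifest(lines: Iterable[str], resolve: Resolver = table_resolver) -> List[Dict[str, str]]:
    """Flag every GitHub reference whose owner/repo name no longer points where it should."""
    findings: List[Dict[str, str]] = []
    for owner, repo in extract_github_refs(lines):
        resolved = resolve(owner, repo)
        findings.append({
            "reference": f"{owner}/{repo}",
            "resolves_to": f"{resolved[0]}/{resolved[1]}" if resolved else "-",
            "status": classify((owner, repo), resolved),
        })
    return findings


# Constructed manifest excerpts (not taken from any real project).
SAMPLE_MANIFEST = [
    "require github.com/old-user/widget v1.2.0",             # go.mod
    "git+https://github.com/acme/tool.git@v3.1#egg=tool",    # requirements.txt
    '    "lib": "https://github.com/gone-user/lib.git"',     # package.json
]

if __name__ == "__main__":
    for f in audit_manifest(SAMPLE_MANIFEST):
        print(f"{f['status']:10} {f['reference']:20} -> {f['resolves_to']}")
```

To run this against real manifests, replace `table_resolver` with a function that performs the lookup you trust (for example, checking whether `https://github.com/<owner>/<repo>` answers with a redirect to a different name) and treat every `redirected` or `missing` finding as a dependency to pin to a commit hash or update to its current location.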
GitHub had tried several countermeasures but could not stop the attacks. A research firm explained that a bug found in GitHub’s security log, which the company later patched, may have allowed hackers to bypass these measures.
If a threat actor were to infect an open source project, it could in theory affect millions of users whose applications are built on that project.
In early 2022, many threat actors used repojacking, cloning multiple repositories and attempting to spread malware through the code in them.
In 2020, for example, Microsoft’s GitHub account was hacked by Shiny Hunters. The consequence: a data loss of 500 GB.
GitHub’s OAuth tokens have been a controversial topic, with several companies suffering data breaches due to a flaw in the technology. Heroku has admitted that this bug allowed hackers to steal credentials and other data.