Slashdot Mirror
Researchers Uncover Ring of GitHub Accounts Promoting 300+ Backdoored Apps (zdnet.com)
An anonymous reader writes: A security researcher has uncovered a ring of malicious GitHub accounts promoting over 300 backdoored Windows, Mac, and Linux applications and software libraries. The malicious apps contained code to gain boot persistence on infected systems and later download other malicious code -- which appeared to be a "sneaker bot," a piece of malware that would add infected systems to a botnet that would later participate in online auctions for limited edition sneakers.
All the GitHub accounts that were hosting these files -- backdoored versions of legitimate apps -- have now been taken down. One account, in particular, registered in the name of Andrew Dunkins, hosted 305 backdoored ELF binaries. Another 73 apps were hosted across 88 other accounts.
All the GitHub accounts that were hosting these files -- backdoored versions of legitimate apps -- have now been taken down. One account, in particular, registered in the name of Andrew Dunkins, hosted 305 backdoored ELF binaries. Another 73 apps were hosted across 88 other accounts.
How many containers that are downloaded regularly to systems also contain malicious code? Do people verify what's being retrieved? I create my own OS containers when building a pod but I'm probably a bit in the minority. When you run that demo and load up an nginx container, are you confident it's not tainted?
[John]
Shit better not happen!