Github, an Internet hosting service used for software development, has been invaded by malware, resulting in thousands of cloned repositories. 

According to the Tweets shared by GitHub Developer Stephen Lacy, over 35,000 repositories have been infected, including crypto, Golang, Python, JavaScript, Bash, Docker, and Kubernetes. 

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe – We publish new crypto explainer videos every week!

Based on the report shared by Bleeping Computer, the repos were not hacked but rather copied and altered to contain malware. The hackers have created a cloned version of an existing project, which contained malicious codes and links. 

Lacy noticed these changes when reviewing a random project found on Google. 

Bleeping Computer claims that a malicious URL link “exfiltrated a user’s environment variables but additionally contained a one-line backdoor”. 

When the user downloads and sets up the project, it provides access to all environment variables (ENV), such as the user’s script, laptop, or app data. This information is immediately sent to the attacker’s server. These variables usually contain sensitive data, such as “API keys, tokens, Amazon AWS credentials, and crypto keys”. 

GitHub later took to Twitter to confirm the malware attack and inform the users that clones were cleaned up or quarantined. 

This is not the first time malicious malware is trying to steal sensitive data. At the end of July, Luca Stealer malware was targeting Windows operating systems and stealing crypto wallet information. 

Overall, it seems that this week is a never-ending crypto hacking cycle. On August 2nd, Nomad had been drained of around $200 million worth of crypto. On the same day, multiple Solana-based crypto wallets have been hacked and robbed for almost $8 million in total. 

by Aaron S. – Expert Reviewer, BitDegree