I recently stumbled upon and reported a repository on GitHub that distributes malware. It's been a week since and no response.
Even though their automated mail said they're experiencing higher volumes, I can't help but wonder what's going on or if I did something wrong.
Do GitHub people care about malware reports?
Forum rules
The Off-Topic area is a general community discussion and chat area with special rules of engagement.
Enter, read and post at your own risk. You have been warned!
While our staff will try to guide the herd into sensible directions, this board is a mostly unrestricted zone where almost anything can be discussed, including matters not directly related to the project, technology or similar adjacent topics.
We do, however, require that you:
- Do not post anything pornographic.
- Do not post hate speech in the traditional sense of the term.
- Do not post content that is illegal (including links to protected software, cracks, etc.)
- Do not post commercial advertisements, SEO links or SPAM posts.
Please do exercise some common sense. How you act here will inevitably influence how you are treated elsewhere.
-
UCyborg
- Keeps coming back

- Posts: 941
- Joined: 2019-01-10, 09:37
- Location: Slovenia
Do GitHub people care about malware reports?
The Merovingian wrote:Choice is an illusion, created between those with power, and those without.
-
UCyborg
- Keeps coming back

- Posts: 941
- Joined: 2019-01-10, 09:37
- Location: Slovenia
Re: Do GitHub people care about malware reports?
It's been almost 3 weeks since the report to GitHub itself and still nothing.
https://www.virustotal.com/gui/file/3f22e6637afd4b7c99477855465ab102aa29d24f5a8fcced7ed68148f483c545
Somehow, the only reason it ended up on VirusTotal is me.
An arbitrary ZIP was inserted into the source tree, and the malicious author force-pushes the same commit multiple times a day to inflate his contribution count; a legitimate developer would totally do that. /s
The repo was published as new, bypassing the fork function (a valid way to go in some cases, but with ill intent in this case), and the readme was changed to direct the user to the malicious payload. The ZIP itself contains a Lua interpreter, an obfuscated script and a CMD to invoke the Lua interpreter to execute the script. The script silently generates additional executables and installs scheduled tasks to run them.
That report on VirusTotal is not complete; it doesn't answer the question of what the generated executables do.
And that POS appears on top on popular search engines while the legitimate repo is hidden from plain sight. 😠 Though I haven't figured out Gradle / Java to get it to run...
The Merovingian wrote:Choice is an illusion, created between those with power, and those without.
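The bundle described in the post above (an interpreter binary, a CMD launcher and an obfuscated script shipped together in one ZIP) can be recognised without extracting or running anything. The following is an added triage example, not part of the original post; the file names, the entropy threshold and the sample archive are constructed assumptions.

```python
import io
import math
import zipfile
from collections import Counter
from pathlib import PurePosixPath

MAX_READ = 2_000_000             # bound per-member reads (zip-bomb guard)
LAUNCHER_EXT = (".cmd", ".bat")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encoded or packed data scores high."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_zip(blob: bytes, opaque_above: float = 5.5) -> dict:
    """Classify archive members in memory; nothing is extracted or executed."""
    out = {"executables": [], "launchers": [], "opaque": []}
    launcher_text = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                data = fh.read(MAX_READ)
            if data[:2] == b"MZ":                 # PE header, whatever the name says
                out["executables"].append(info.filename)
            elif info.filename.lower().endswith(LAUNCHER_EXT):
                out["launchers"].append(info.filename)
                launcher_text.append(data.decode("latin-1").lower())
            elif entropy(data) > opaque_above:    # assumed threshold for "not plain text"
                out["opaque"].append(info.filename)
    exe_names = {PurePosixPath(e).name.lower() for e in out["executables"]}
    out["launcher_runs_bundled_exe"] = any(n in t for t in launcher_text for n in exe_names)
    out["suspicious"] = bool(out["launcher_runs_bundled_exe"] and out["opaque"])
    return out

def build_sample(with_payload: bool) -> bytes:
    """Constructed test archive; the 'exe' is only an MZ stub, not a real binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.md", "Build instructions: see docs.\n")
        if with_payload:
            zf.writestr("app/lua.exe", b"MZ" + bytes(64))
            zf.writestr("app/run.cmd", "@echo off\r\nstart lua.exe data.txt\r\n")
            zf.writestr("app/data.txt", bytes(range(256)) * 8)
    return buf.getvalue()
```

Images and other compressed assets also score high on entropy, so the `opaque` list is a prompt for manual review rather than a verdict; the stronger signal is a launcher that starts an executable bundled in the same archive.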
-
BenFenner
- Keeps coming back

- Posts: 902
- Joined: 2015-06-01, 12:52
- Location: US Southeast
-
Lucio Chiappetti
- Keeps coming back

- Posts: 918
- Joined: 2014-09-01, 15:11
- Location: Milan Italy
Re: Do GitHub people care about malware reports?
I do not know whether to expect a response ... yesterday I just made a spam report (suspected malware) but it was the first time.
A curious form of academic-targeted spam ... a mail to "undisclosed recipients" from a fake address at Salamanca University disguised as EduCloud announcing "some large files for download on our secure server" (!), with a link pointing to GitHub.
After checking with other colleagues (they had received it too) ... I looked to see if there was an abuse report form on GitHub.
Apparently the support area is only for subscribers ... as I had an account, though I never use it, I tried it ... and could not find an obvious abuse report form ... I used the closest thing, and that was scanned by some form of AI, which agreed that it was possible spam and finally disclosed the link to the abuse report area. After an audio captcha (the new fashion?) the report was submitted ... but actually I did not expect a reply (but an action).
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)