Saturday, December 14, 2024
HomeCyber Security NewsMillions of GitHub Repositories Are Vulnerable To RepoJacking

Millions of GitHub Repositories Are Vulnerable To RepoJacking

Published on

SIEM as a Service

An attack called RepoJacking may potentially affect millions of GitHub repositories.

If abused, this vulnerability might result in code execution on the internal networks of organizations or on the networks of their customers. 

This includes the repositories of companies like Google, Lyft, and many others. It has many high-quality targets that are vulnerable to attack.

- Advertisement - SIEM as a Service

About 2.95% of the 1.25 million GitHub repositories examined by AquaSec’s security team, “Nautilus,” were vulnerable to RepoJacking.

How RepoJacking Attack Works?

RepoJacking is an attack in which a hostile actor registers a login and establishes a repository previously used by a company but whose name has subsequently changed.

On GitHub, username and repository name changes are frequent because companies often acquire or merge with another company to get new management, or they may decide to adopt a new brand name.

When this occurs, a redirection is made to prevent projects employing code from renamed repositories from breaking dependencies; however, if the previous name is registered, the redirection is rendered invalid.

repo

By doing this, any code or project that depends on the attacked project’s dependencies will retrieve those dependencies and other code from the attacker-controlled repository, which may include malware.

As an alternative, the same thing may occur if control of a repository is handed to another user and the original account is removed, enabling an attacker to start an account with the old username.

A threat actor may gather a list of distinct repositories using services like GHTorrent to harvest GitHub metadata linked to public commits and pull requests.

According to the information shared with Cyber Security News, the findings imply that millions of repositories may be susceptible to a similar assault, given that GitHub has over 330 million repositories.

One such repository is Google/mathsteps, formerly owned by Socratic (socraticorg/mathsteps), a business that Google purchased in 2018.

“When you access https://github.com/socraticorg/mathsteps, you are being redirected to https://github.com/google/mathsteps so eventually the user will fetch Google’s repository,” the researchers said.

“However, because the socraticorg organization was available, an attacker could open the socraticorg/mathsteps repository, and users following Google’s instructions will clone the attacker’s repository instead.

And because of the npm install, this will lead to arbitrary code execution on the users.”

Millions of vulnerable repositories

GitHub has safeguards against RepoJacking attacks since it is aware of this risk. Reports indicate that the remedies provided thus far are insufficient and simple to get around.

Because GitHub, for instance, only shields the most well-known projects, the supply chain breach also affects the lesser-known, more susceptible projects that depend on them.

Also, a repository’s name is changed, and GitHub safeguards it with over 100 clones, a sign of malicious planning.

This protection does not cover projects that gained popularity after being given a new name or changing ownership.

Mitigation

  • Check your repositories regularly for any links that might pull resources from outside GitHub repositories, as references to projects like Go modules could, at any point, alter their names.
  • If you change your company’s name, be sure you still own the former name—even if it’s only a placeholder—to stop intruders from using it.

Manage and secure Your Endpoints Efficiently â€“ Free Download

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Nigerian National Extradited to Nebraska for Wire Fraud Charges

United States Attorney Susan Lehr announced the extradition of Abiola Kayode, 37, from Nigeria...

Dell Security Update, Patch for Multiple Critical Vulnerabilities

Dell Technologies has released a security advisory addressing multiple critical vulnerabilities that could expose...

CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities...

FBI Seizes Rydox Marketplace, Arrests Key Administrators

The Federal Bureau of Investigation (FBI) announced the seizure of Rydox, an illicit online...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Nigerian National Extradited to Nebraska for Wire Fraud Charges

United States Attorney Susan Lehr announced the extradition of Abiola Kayode, 37, from Nigeria...

Dell Security Update, Patch for Multiple Critical Vulnerabilities

Dell Technologies has released a security advisory addressing multiple critical vulnerabilities that could expose...

CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities...