GitHub projects are being targeted with malicious action in apparent attempt to frame this researcher
Date:
Mon, 18 Nov 2024 19:44:00 +0000
Description:
A threat actor seems to be impersonating a security researcher in an attempt to defame them.
FULL STORY ======================================================================Maliciou s commits found in Exo Labs' GitHub account They were submitted, and pointed to, a Texas-based security researcher The malware does not exist, and the researcher claims someone is impersonating him
Someone has been breaking into GitHub projects, injecting malicious code ,
and seemingly trying to discredit a researcher by accusing them of the hack.
Executives from AI and machine learning startup Exo Labs have warned someone tried to submit new changes to the code in the companys GitHub repository.
The added code was innocent looking, and was titled clarify mlx requirement for deepseek models, and in order to hide the code from scrutiny, the
attacker converted it to a number equivalent. However, the submission was analyzed before being pushed to the repository, and it was quickly discovered that it tried to connect to the evildojo[dot]com, to download the stage one payload. The researchers determined that there was no payload on the server and that it simply returned a 404 error. Hidden Risk
Drilling deeper into the attack, the researchers discovered that the evildojo domain, as well as the GitHub accounts associated with the attack, all
pointed to a researcher named Mike Bell - a security researcher and a white-hat hacker from Texas. He denies any involvement with the attack and claims it was all an attempt to ruin his good name.
"Not me, an impersonator. Notice account deleted. Very sorry people are being dragged into some skid's beef w/ me," BleepingComputer cited Bell saying
about the attacks. There was never any payload...why do people keep assuming there was?, he added.
When questioned about the incident on X, Bell clarified that whoever was behind the attack never got access to his domain, never got the payload on
his site, and that all Bell did was piss someone off, apparently.
Given that anyone can create a GitHub account impersonating someone else, and since there was no malicious payload or harm caused, the idea of a smear campaign seems plausibleespecially since Bell is actively involved in the cybersecurity community, albeit from the opposing side.
Via BleepingComputer You might also like North Korean hackers are targeting Apple users with new macOS malware Here's a list of the best firewalls today These are the best endpoint protection tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/github-projects-are-being-targeted-with -malicious-action-in-apparent-attempt-to-frame-researcher
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)