all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Technique to Trick Developers Detected in an Open Source Supply Chain Attack

Add to bookmarks
April 10, 2024, 11:05 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news


In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub’s search functionality, and using meticulously crafted repositories to distribute malware.


Key Points



  • GitHub search manipulation: Attackers create malicious repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users.

  • Malicious code is often hidden within Visual Studio project files (.csproj or .vcxproj) to evade detection, automatically executing when the project is built.

  • The attacker had set up the stage …

attack attackers automated campaign cybercriminals developers fake github key key points malicious malware manipulation names open source open source supply chain points popular repositories search stars supply supply chain supply chain attack techniques topics updates

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Cyberattack against United Russia claimed by Ukraine 35 minutes ago | malware.news
attack cyberattack distributed initiative +14
US jails former NSA employee for attempting secret sale to Russia 35 minutes ago | malware.news
agency article confidential defense +25
Better identity threat detection sought by new Semperis ML-based tool 35 minutes ago | malware.news
and response article detection detection and response +27
Red Hat's latest enterprise Linux delivers new features to tackle hybrid-cloud complexity an hour ago | malware.news
addition article cloud complexity +13
NASA doesn't know if its spacecraft have adequate cyber defenses, GAO warns an hour ago | malware.news
agency article best practices cyber +11
US warns of Russian hackers targeting operational technology in water systems 2 hours ago | malware.news
advisory breached hackers official +10
Senators grill UnitedHealth CEO on Change Healthcare cyberattack 2 hours ago | malware.news
article ceo change change healthcare +13
‘Uncharted Territory:’ Companies Devise AI Security Policies 3 hours ago | malware.news
ai security businesses companies don +14
Significant drop recorded in FBI searches of Section 702 database 3 hours ago | malware.news
act agency database fbi +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Azure DevSecOps Cloud Engineer II

@ Prudent Technology | McLean, VA, USA
View on infosec-jobs.com

Security Engineer III - Python, AWS

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SOC Analyst (Threat Hunter)

@ NCS | Singapore, Singapore
View on infosec-jobs.com

Managed Services Information Security Manager

@ NTT DATA | Sydney, Australia
View on infosec-jobs.com

Senior Security Engineer (Remote)

@ Mattermost | United Kingdom
View on infosec-jobs.com

Penetration Tester (Part Time & Remote)

@ TestPros | United States - Remote
View on infosec-jobs.com
View more jobs