Surprise: When Dependabot Contributes Malicious Code
Sept. 27, 2023, 12:05 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
What Happened?
- In July 2023, our scanners detected atypical commits to hundreds of GitHub repositories that appeared to be contributed by Dependabot and carried malicious code.
- Those commit messages were fabricated by threat actors to appear as a Dependabot automated contribution in the commit history, in an attempt to disguise the malicious activity.
- After reaching out and talking to some of the victims who got compromised, we can confirm that the victims’ GitHub personal access token was stolen and used by the …