Github Escapes from Octopus Malware that Affected its 26 Software Projects – Disposable mail news


Github, a platform where every malicious software report is equally different in its place, manages to escape from a malware threat.  Github, an organization that united the world’s largest community of coders and software developers, revealed that hackers exploited an open-source platform on its website to distribute malware. The hackers used a unique hacking tool that enabled backdoors in each software project, which the hackers used to infiltrate the software systems.

“While we have seen many cases where the software supply chain was compromised by hijacking developer credentials or typosquatting popular package names, a malware that abuses the build process and its resulting artifacts to spread is both interesting and concerning for multiple reasons,” said Github on its security blog.
Fortunately, the hackers attempt to exploit the open-source platform was unsuccessful. Still, if it were, on the contrary, hackers could’ve secured a position in the softwares, which were to be used later by corporate applications and other websites.

Since recent times, open-source websites have become a primary target for hackers. It is because once the hackers exploit backdoor vulnerabilities on open-source platforms, thousands of apps are exposed to remote code execution. As for Github, the company’s website currently has more than 10 Million users.
In the Github incident, 26 software projects were infected through malicious codes, which is a severe warning for the potential threat of the open-source compromises. The experts have identified the malware as “Octopus Scanner,” which is capable of stealing data by deploying remote access codes.

The malware spread with the help of projects using software called Apache Beans, tells Github.
“On March 9, we received a message from a security researcher informing us about a set of GitHub-hosted repositories that were, presumably unintentionally, actively serving malware. After a deep-dive analysis of the malware itself, we uncovered something that we had not seen before on our platform: malware designed to enumerate and backdoor NetBeans projects, and which uses the build process and its resulting artifacts to spread itself,” says Github on its blog.
These attacks can be highly threatening as the tactics used here gives the hackers access to various systems.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Search Git for High Entropy Strings with Commit History – 10 minute mail

usage: trufflehog [h] [json] [regex] [rules RULES]

                  [entropy DO_ENTROPY] [since_commit SINCE_COMMIT]

                  [max_depth MAX_DEPTH]

                  git_url

 

Find secrets hidden in the depths of git.

 

positional arguments:

  git_url               URL for secret searching

 

optional arguments:

  h, help            show this help message and exit

  json                Output in JSON

  regex               Enable high signal regex checks

  rules RULES         Ignore default regexes and source from json list file

  entropy DO_ENTROPY  Enable entropy checks

  since_commit SINCE_COMMIT

                        Only scan from a given commit hash

  max_depth MAX_DEPTH

                        The max commit depth to go back when searching for

                        secrets

  i INCLUDE_PATHS_FILE, include_paths INCLUDE_PATHS_FILE

                        File with regular expressions (one per line), at least

                        one of which must match a Git object path in order for

                        it to be scanned; lines starting with “#” are treated

                        as comments and are ignored. If empty or not provided

                        (default), all Git object paths are included unless

                        otherwise excluded via the exclude_paths option.

  x EXCLUDE_PATHS_FILE, exclude_paths EXCLUDE_PATHS_FILE

                        File with regular expressions (one per line), none of

                        which may match a Git object path in order for it to

                        be scanned; lines starting with “#” are treated as

                        comments and are ignored. If empty or not provided

                        (default), no Git object paths are excluded unless

                        effectively excluded via the include_paths option.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.