- Security researchers from DFIR.it uncovered a ring of 89 GitHub accounts promoting 73 malicious repos.
- The repos contained over 300 backdoored apps that dropped a “sneaker bot” when installed.
- All of the accounts and the associated repos have been taken down to keep users safe from the malware.
GitHub, now owned by Microsoft, is the largest open-source code hosting platform. While the site hosts millions of active repositories that help its users, it also carries plenty of malicious accounts posting unsafe apps. Security researchers from DFIR.it discovered 89 GitHub accounts that were hosting backdoored apps.
According to the researchers, the backdoored apps promoted by these accounts target a wide range of platforms, including Windows, Mac, and Linux. The accounts posted the software libraries of the backdoored apps along with their source code. Users who download these backdoored apps hoping for free access might not realize that the apps are infected with a malware named Supreme NYC Blaze Bot (supremebot.exe).
The Java-based malware found in the backdoored apps does not harm user systems in any way. However, the “sneaker bot” would take part in auctions for limited edition sneakers from the infected systems. The researchers informed GitHub about the infected apps, which led to the repositories and the related accounts being taken down. A detailed breakdown of all the apps has been posted on the DFIR blog to help users understand what backdoored apps are capable of and how the exploits function.
All 305 of the infected apps were traced to a user going by Andrew Dunkins, but the researchers could not uncover any more information about the individual. Among the backdoored apps and games were FFmpeg, EasyModbus, MinGW, GCC and several Java games. The original apps themselves are unaffected by any exploits, and users can safely download them from official sources without putting themselves at risk.
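The practical defence against this kind of repository is the one the article ends on: take builds only from official sources and check them. The following is an added example, not code from the article or from DFIR.it, showing how a downloader can audit a source archive before trusting it. It verifies each listed file against a hash manifest (which you would take from the official project's release page) and flags any prebuilt executable or library that ships inside a supposedly source-only archive, which is exactly the pattern described above. The archive, its contents and the manifest are all constructed inline for the demonstration; the file names, including `supremebot.exe`, are sample values, not real artefacts.

```python
import hashlib
import io
import zipfile

# Extensions that have no business inside a source-only archive. This list
# is an assumption for the example; extend it for your own environment.
PREBUILT_SUFFIXES = (".exe", ".dll", ".so", ".dylib", ".jar", ".bat", ".cmd")


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def build_sample_archive() -> bytes:
    """Constructed sample: a 'source' zip that also bundles an unlisted binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/README.md", "sample project\n")
        zf.writestr("project/src/main.c", "int main(void) { return 0; }\n")
        # Hypothetical payload: a fake MZ header, not a real executable.
        zf.writestr("project/bin/supremebot.exe", b"MZ\x90\x00not-a-real-binary")
    return buf.getvalue()


def audit_archive(archive_bytes: bytes, expected_hashes: dict) -> dict:
    """
    Compare every file in the archive with a hash manifest.

    Returns a report with three lists:
      ok                - listed files whose SHA-256 matches the manifest
      mismatched        - listed files whose SHA-256 differs (tampered/replaced)
      unlisted_binaries - prebuilt artefacts that the manifest never mentions
    """
    report = {"ok": [], "mismatched": [], "unlisted_binaries": []}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            digest = sha256_bytes(zf.read(name))
            if name in expected_hashes:
                bucket = "ok" if expected_hashes[name] == digest else "mismatched"
                report[bucket].append(name)
            elif name.lower().endswith(PREBUILT_SUFFIXES):
                report["unlisted_binaries"].append(name)
    return report


def is_trustworthy(report: dict) -> bool:
    """An archive passes only with no mismatches and no unlisted binaries."""
    return not report["mismatched"] and not report["unlisted_binaries"]


def sample_manifest() -> dict:
    """Constructed manifest covering only the genuine source files."""
    return {
        "project/README.md": sha256_bytes(b"sample project\n"),
        "project/src/main.c": sha256_bytes(b"int main(void) { return 0; }\n"),
    }


if __name__ == "__main__":
    result = audit_archive(build_sample_archive(), sample_manifest())
    for key, names in result.items():
        print(f"{key}: {names}")
    print("trustworthy:", is_trustworthy(result))
```

In real use the manifest comes from the upstream project's signed release notes or checksum file, never from the same repository that serves the archive; a mismatch or an unlisted binary means the download should be discarded rather than installed.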