BVTech San Antonio | Next-Gen Managed IT Services

BVTech San Antonio | Next-Gen Managed IT Services

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

Posted by on | Featured | No Comments

A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers.
“The malicious code exfiltrates the GitHub project’s defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

en_US
es_MX en_US