Cyber Bites by Edwin Kwan
Cyber Bites - 3rd January 2025

  • Fake Stars Inflate Popularity of Malicious GitHub Repositories

  • Cybercriminals Exploit Chrome Web Store to Infect Millions of Users

  • Malicious Packages Found on Python Package Index and VSCode Marketplace

  • One Third of Adults Don't Know How to Erase Their Data from an Old Device

  • New Clickjacking Technique "DoubleClickjacking" Bypasses Security Measures


Fake Stars Inflate Popularity of Malicious GitHub Repositories

https://arxiv.org/pdf/2412.13459

A new study reveals a significant problem with inauthentic "stars" being used to artificially inflate the popularity of scam and malware distribution repositories on GitHub. These fake stars mislead users into trusting malicious projects and potentially downloading malware.

How Fake Stars Work

  • GitHub users can "star" repositories similar to liking them on social media platforms.

  • The number of stars is a key factor in how GitHub ranks repositories and recommends them to users.

  • Malicious actors create fake accounts or compromise existing ones to star malicious repositories, making them appear more popular and trustworthy.

Impact of Fake Stars

  • Increased Reach for Malicious Projects: Fake stars help malicious repositories reach more unsuspecting users who may be tricked into downloading malware.

  • Eroded Trust in GitHub: The widespread use of fake stars undermines the overall trust and credibility of the GitHub platform.

Researchers developed a tool called StarScout to analyze user activity and identify patterns indicative of fake stars. StarScout looks for signs of low user activity, bot-like behavior, and coordinated starring activity across multiple accounts.

The study identified 4.5 million suspected fake stars across GitHub. These fake stars were associated with over 15,800 repositories and 278,000 user accounts.
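The detection heuristics attributed to StarScout above (low-activity accounts, bot-like bursts, coordination across accounts) can be illustrated with a small script. This is an added example, not StarScout's code or the paper's data: the star events, activity counts and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample star events (not real GitHub data): each entry is
# (username, repository, time of the star, number of other public events
# the account has ever produced). Near-zero activity is the first signal.
STAR_EVENTS = [
    ("alice",  "org/legit-tool", "2024-11-02T09:10:00", 240),
    ("bob",    "org/legit-tool", "2024-11-03T14:20:00", 57),
    ("carol",  "org/legit-tool", "2024-11-05T18:45:00", 12),
    ("u8f3k1", "x/free-crack",   "2024-11-04T03:00:05", 0),
    ("u8f3k2", "x/free-crack",   "2024-11-04T03:00:09", 0),
    ("u8f3k3", "x/free-crack",   "2024-11-04T03:00:14", 1),
    ("u8f3k4", "x/free-crack",   "2024-11-04T03:00:21", 0),
    ("dave",   "x/free-crack",   "2024-11-06T11:30:00", 88),
]

def find_fake_star_clusters(events, max_activity=1,
                            window=timedelta(minutes=10), min_cluster=3):
    """Return {repo: sorted usernames} for stars that come from low-activity
    accounts AND land on the same repo within one short burst (signal 2:
    coordinated, bot-like timing). Thresholds are assumed, not the paper's."""
    by_repo = defaultdict(list)
    for user, repo, ts, activity in events:
        if activity <= max_activity:  # keep only near-empty accounts
            by_repo[repo].append((datetime.fromisoformat(ts), user))
    flagged = {}
    for repo, stars in by_repo.items():
        stars.sort()
        suspects = set()
        start = 0
        for end in range(len(stars)):
            # shrink the sliding window until stars[start..end] fit in `window`
            while stars[end][0] - stars[start][0] > window:
                start += 1
            if end - start + 1 >= min_cluster:
                suspects.update(user for _, user in stars[start:end + 1])
        if suspects:
            flagged[repo] = sorted(suspects)
    return flagged

if __name__ == "__main__":
    for repo, users in find_fake_star_clusters(STAR_EVENTS).items():
        print(f"{repo}: {len(users)} suspected fake stars from {users}")
```

Legitimate stars from established accounts spread over days (the `org/legit-tool` entries) are never flagged, while the four throwaway accounts that star `x/free-crack` within sixteen seconds are.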

Recommendations for Users

  • Don't rely solely on the number of stars to judge a repository's legitimacy.

  • Carefully evaluate the repository's activity, documentation, code quality, and user contributions.

  • Be cautious when downloading software from GitHub, especially from repositories with few contributions or suspicious activity.

This study highlights the importance of staying vigilant when using GitHub. By being aware of fake stars and other deceptive tactics, users can help protect themselves from malware and other online threats.


Cybercriminals Exploit Chrome Web Store to Infect Millions of Users

https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-it

A sophisticated cyberattack has compromised at least 35 Chrome browser extensions, potentially exposing over 2.6 million users to data theft and credential stealing.

The campaign began with a phishing attack targeting a Cyberhaven employee, granting attackers access to their Chrome Web Store account. This allowed them to inject malicious code into the Cyberhaven extension, which was subsequently downloaded by numerous users.

Further investigation revealed that this was not an isolated incident. Multiple other extensions, including popular tools for AI assistance, VPNs, and video recording, were also compromised, likely through similar phishing attacks.

These malicious extensions collected user data, including cookies, access tokens, and potentially even sensitive financial information. Some extensions even contained code designed to steal Facebook login credentials.

Attacks like these highlight the growing threat of compromised browser extensions. As these extensions often have broad access to user data and browsing activity, they can be a significant entry point for cybercriminals.

Users are advised to exercise caution when installing browser extensions, carefully vetting their source and checking for any suspicious activity. Developers are also urged to implement strong security measures to protect their accounts and prevent unauthorised access.

This ongoing campaign underscores the importance of vigilant security practices in the ever-evolving threat landscape of online activity.


Malicious Packages Found on Python Package Index and VSCode Marketplace

https://www.fortinet.com/blog/threat-research/analyzing-malicious-intent-in-python-code

Cybersecurity researchers have discovered malicious packages uploaded to the Python Package Index (PyPI) and the Visual Studio Code Marketplace. These packages, disguised as legitimate tools for cryptocurrency development and productivity, were designed to steal sensitive information from developers' systems.

The malicious PyPI packages, named "zebo" and "cometlogger," were downloaded hundreds of times before being removed. These packages contained code to steal keystrokes, capture screenshots, and exfiltrate sensitive data, including credentials from popular platforms like Discord, Steam, and Instagram.

Similarly, researchers identified malicious VSCode extensions that targeted cryptocurrency developers and Zoom users. These extensions, often with names resembling legitimate tools, downloaded and executed malicious payloads.

Typosquatting and Fake Reviews

Attackers employed typosquatting techniques, creating packages with names that closely resembled legitimate ones, such as "@typescript_eslinter/eslint" instead of "typescript-eslint." They also inflated download numbers and used fake reviews to make these malicious packages appear more trustworthy.
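One way to vet a package name against the lookalike trick described above, as an added example that is not from the Fortinet write-up: normalise the separators attackers swap, split an npm-style scope so the lookalike in the scope is caught too, and compare against an allowlist with a small edit distance. The allowlist and the `requets` sample are constructed for illustration; the `@typescript_eslinter/eslint` case is the one quoted on the page.

```python
import re

# Constructed allowlist of package names an organisation actually depends on.
KNOWN_PACKAGES = {"typescript-eslint", "eslint", "requests", "numpy", "django"}

def normalise(name):
    """Lower-case and collapse the separators typosquats swap (_ . -), so
    'Type_Script.ESLint' compares equal to 'typescript-eslint'."""
    return re.sub(r"[._]", "-", name.lower())

def edit_distance(a, b):
    """Plain Levenshtein distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def typosquat_candidates(package, known=KNOWN_PACKAGES, max_distance=2):
    """Return the known packages that `package` is suspiciously close to.
    An '@scope/name' is split and both halves are checked, because the
    lookalike can sit in the scope (as in @typescript_eslinter/eslint)."""
    m = re.fullmatch(r"@([^/]+)/(.+)", package)
    parts = [m.group(1), m.group(2)] if m else [package]
    hits = set()
    for part in parts:
        norm = normalise(part)
        if norm in known:        # the real dependency itself: nothing to flag
            continue
        for k in known:
            if edit_distance(norm, k) <= max_distance:
                hits.add(k)
    return sorted(hits)

if __name__ == "__main__":
    for name in ("@typescript_eslinter/eslint", "requets", "requests"):
        print(f"{name}: {typosquat_candidates(name) or 'no lookalike found'}")
```

A hit does not prove malice, only that the name deserves the manual checks listed under the recommendations before it is installed.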

Impact and Recommendations

This incident highlights the growing threat of supply chain attacks targeting software development ecosystems. Developers are urged to exercise extreme caution when downloading and installing packages from online repositories.

Key recommendations include:

  • Thoroughly vetting all packages before installation.

  • Checking the source and reputation of the developer.

  • Regularly auditing development environments for potential threats.

This incident serves as a stark reminder of the importance of maintaining a strong security posture throughout the entire software development lifecycle.


One Third of Adults Don't Know How to Erase Their Data from an Old Device

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/12/14-million-people-don-t-know-how-to-erase-their-data-from-an-old-device/

A new survey from the UK's Information Commissioner's Office (ICO) reveals that nearly a third of adults in the UK don't know how to properly wipe their old electronic devices before discarding them. This lack of awareness poses a significant risk to personal data security.

The survey found that while 71% of respondents agree that wiping data from old devices is important, 24% find the process too difficult. Worryingly, 21% of young people (aged 18-34) believe wiping data is unnecessary, compared to just 4% of those over 55. This suggests a concerning lack of awareness among younger generations about the importance of data security.

The ICO emphasizes the importance of securely erasing personal information before disposing of old devices to prevent data breaches and fraud. Simple methods like factory resets can effectively erase most personal data from mobile phones.

With the holiday season approaching and many people expected to purchase new devices, the ICO urges individuals to prioritize data security and properly dispose of their old electronics.


New Clickjacking Technique "DoubleClickjacking" Bypasses Security Measures

https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html

A new cyberattack technique dubbed "DoubleClickjacking" has been discovered, exploiting the timing between double-clicks to bypass existing clickjacking protections. This allows attackers to trick users into unknowingly granting permissions or performing actions on websites, potentially leading to account takeovers and data theft.

DoubleClickjacking leverages the brief window between two mouse clicks to seamlessly redirect users to malicious pages while they interact with seemingly innocuous elements. This method can bypass common security measures like X-Frame-Options and SameSite cookies, which are designed to prevent clickjacking attacks.

While this technique builds upon existing clickjacking methods, it introduces a new layer of complexity that requires a re-evaluation of current security measures. Researchers suggest that browser vendors should consider implementing new standards to specifically address this vulnerability.

This disclosure follows the discovery of another clickjacking variant earlier this year, highlighting the ongoing evolution of cyberattack techniques and the need for continuous vigilance in online security.
