GitHub is a wildly popular website for developers to create, share, and store their code, but it’s also being increasingly used to spread malware.
Launched in 2008, GitHub quickly became the number one destination for developers. Packed full of features – such as hosting open source code, bug tracking tools, and software requests – GitHub is the perfect one-stop shop for developers looking to collaborate and enhance their software. However, where there’s code, there’s also potential for malware to rear its ugly head. And, in the last few years, GitHub has been exploited by numerous threat actors.
How does GitHub Work?
GitHub is an online repository where developers can come together to pool resources and knowledge to improve their software builds. It may not be something that most of your staff are likely to log on to, but your IT team are likely to use it to manage projects they’re working on. The objective of GitHub is to create a community of friendly developers, but the open membership policy means this doesn’t always go to plan.
Why is GitHub Dangerous?
Threat actors can easily sign up for membership within a matter of minutes, and then they can begin uploading their malicious code under the pretense of being an innocent software project. Quite often, threat actors will sign up with a username previously used by another developer, this is to trick other developers into thinking this is a reputable account. The GitHub community will believe that any repositories uploaded to this account are safe, and they will download them without thinking. And this is when malware can be unknowingly unleashed on unsuspecting networks.
Threat actors are also using GitHub to host command and control servers, which allow attackers to create communication channels into infected devices. Usually, this would be indicated by an unusual domain address in your network traffic. But with GitHub’s credentials being used, this would look less suspicious, especially if you team access GitHub. It’s also convenient, for the threat actors, to use a public service where launching a command control server is much easier than building an infrastructure from scratch.
Finally, GitHub is being used as a storage space for malware, as demonstrated in this fake proof-of-concept software attack. This particular attack allowed the threat actors to exploit a known vulnerability within the Linux operating system, which is commonly used by developers working on GitHub. These attacks can even catch out the security experts, so they underline just how dangerous GitHub can be if you’re not vigilant.
How Can You Work Safely with GitHub?
Threat actors are essentially turning certain parts of GitHub into a malicious website, so it’s crucial you know how to manage this threat. The most effective step you can take is to block access to GitHub on your organization’s network. Your staff are highly unlikely to need to access GitHub anyway, so this makes sense. However, some of your IT staff, and any developers you employ, may still require access to complete their job.
GitHub, of course, isn’t the only legitimate website to be harboring malware. Huge sites such as Dropbox and Google Drive are all capable of delivering malware to unsuspecting members. Therefore, you should only ever download from trusted sources.
For more ways to secure and optimize your business technology, contact your local IT professionals.