Heimdal
article featured image

Contents:

New vulnerability in GitHub puts more than 4,000 repositories at risk. The flaw turns the code packages vulnerable to repojacking attacks. After researchers reported the vulnerability to GitHub, the code hosting platform released a fix.

Repository hijacking (repojacking) is a technique that enables the threat actor to evade a security mechanism called popular repository namespace retirement and create a fake repository under a legit one`s name.

Simply put, the attacker claims the old username of a code package after the legitimate creator changed the username. Next, they publish a forged repository, under the same name. As a result, the unsuspecting users will confidently download the malicious content on their devices.

What Is the Popular Repository Namespace Retirement

GitHub put in place this security mechanism in order to prevent RepoJacking. In theory, a code package that has over 100 clones at the time its user account is renamed is considered “retired”. The matching of that specific username with the repository name is considered “retired.” Consequently, it cannot be used by others anymore.

However, researchers warn that hackers succeeded to evade this security mechanism. Security specialists revealed that more than 4,000 repositories in those package managers are using renamed usernames.

Circumventing the popular repository namespace retirement enable hackers to create new accounts with the same username. Their next move will be to upload malicious repositories, that could lead to software supply chain attacks. This way, hackers could easily and silently deploy their malware.

In order to avoid becoming a victim, security specialists recommend to avoid using retired namespaces. You should also make sure that there are no dependencies in your applications that can facilitate hijacking the repository.

According to The Hacker News, this is not the first time that GitHub`s security measures are tampered with. Nine months ago, the company had to patch another bypass vulnerability that put repositories and users at risk of a cyberattack.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE