Heimdal

A new vulnerability in GitHub put more than 4,000 repositories at risk by leaving those code packages exposed to repojacking attacks. After researchers reported the vulnerability to GitHub, the code hosting platform released a fix.

Repository hijacking (repojacking) is a technique that enables a threat actor to evade a GitHub security mechanism called popular repository namespace retirement and create a fake repository under a legitimate one's name.

Simply put, the attacker claims the old username of a code package's owner after the legitimate creator has changed their username, then publishes a forged repository under the same name. As a result, unsuspecting users confidently download the malicious content onto their devices.

What Is Popular Repository Namespace Retirement?

GitHub put this security mechanism in place to prevent repojacking. In principle, a code package that has over 100 clones at the time its owner's account is renamed is considered “retired”: that specific pairing of username and repository name is retired, and consequently it can no longer be claimed by others.

However, researchers warn that attackers have succeeded in evading this security mechanism. Security specialists found that more than 4,000 repositories in the package managers they examined still reference renamed usernames.

Circumventing popular repository namespace retirement enables attackers to create new accounts with the same username. Their next move is to upload malicious repositories, which could lead to software supply chain attacks. This way, hackers could easily and silently deploy their malware.

To avoid becoming a victim, security specialists recommend not using retired namespaces. You should also make sure that your applications have no dependencies that could facilitate hijacking of a repository.
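One practical way to act on that recommendation is to scan your own dependency manifests for GitHub references whose owner account has since been renamed or whose repository no longer resolves. The script below is an added example written for this article; it is not Heimdal's or GitHub's code. It assumes the documented behaviour of GitHub's REST API that `GET /repos/{owner}/{repo}` for a moved repository redirects to the new location and that the JSON `full_name` field carries the current owner/name. The manifest lines and the offline responder `fake_fetch` are constructed for demonstration; `live_fetch` is a hypothetical drop-in that performs the real network lookup.

```python
"""Flag GitHub-hosted dependencies that point at a renamed or vanished
owner/repo, i.e. references that could be exposed to repojacking.

Added example, not code from the article. Assumes GitHub's REST API
redirects GET /repos/{owner}/{repo} for a moved repository and reports the
current location in the "full_name" field of the JSON body.
"""
import json
import re
from typing import Callable, Dict, List, Optional

# Matches https://github.com/owner/repo, git@github.com:owner/repo.git,
# go.mod-style github.com/owner/repo/v2 and npm git+https://... forms.
GITHUB_REF = re.compile(
    r"github\.com[/:](?P<owner>[A-Za-z0-9_.-]+)/"
    r"(?P<repo>[A-Za-z0-9_.-]+?)(?:\.git)?(?=[\s\"'#@/]|$)"
)

# Constructed manifest excerpt mixing go.mod and package.json style lines.
SAMPLE_MANIFEST = """\
# constructed sample, not a real project manifest
require github.com/acme/tool v1.4.0
require github.com/olduser/parser v0.9.1
"legacy-lib": "git+https://github.com/gone/lib.git#v2.0.0"
"""

# Constructed offline stand-in for the GitHub API. A renamed owner shows up
# as a 200 whose full_name differs from what we asked for (the redirect has
# already been followed); a deleted or never-existing repo is a 404.
FAKE_API = {
    "https://api.github.com/repos/acme/tool":
        {"status": 200, "body": json.dumps({"full_name": "acme/tool"})},
    "https://api.github.com/repos/olduser/parser":
        {"status": 200, "body": json.dumps({"full_name": "newuser/parser"})},
    "https://api.github.com/repos/gone/lib":
        {"status": 404, "body": "{}"},
}


def fake_fetch(url: str) -> Dict:
    """Offline responder used by the example run and the tests."""
    return FAKE_API.get(url, {"status": 404, "body": "{}"})


def live_fetch(url: str) -> Dict:
    """Hypothetical network lookup; urllib follows the 301 for moved repos."""
    import urllib.error
    import urllib.request
    req = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "User-Agent": "repojacking-dependency-check",
    })
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return {"status": resp.status, "body": resp.read().decode()}
    except urllib.error.HTTPError as err:
        return {"status": err.code, "body": err.read().decode()}


def extract_github_refs(manifest_text: str) -> List[str]:
    """Return the unique owner/repo references in a manifest, in order."""
    refs: List[str] = []
    for m in GITHUB_REF.finditer(manifest_text):
        ref = f"{m.group('owner')}/{m.group('repo')}"
        if ref not in refs:
            refs.append(ref)
    return refs


def current_location(owner_repo: str, fetch: Callable[[str], Dict]) -> Optional[str]:
    """Where does owner/repo live now? None if the name no longer resolves."""
    resp = fetch(f"https://api.github.com/repos/{owner_repo}")
    if resp["status"] != 200:
        return None
    return json.loads(resp["body"]).get("full_name")


def find_renamed_dependencies(manifest_text: str,
                              fetch: Callable[[str], Dict]) -> Dict[str, Optional[str]]:
    """Map each reference whose owner changed or that no longer resolves to
    its current full_name (None when the name is unclaimed)."""
    findings: Dict[str, Optional[str]] = {}
    for ref in extract_github_refs(manifest_text):
        now = current_location(ref, fetch)
        if now is None or now.lower() != ref.lower():
            findings[ref] = now
    return findings


if __name__ == "__main__":
    for ref, now in find_renamed_dependencies(SAMPLE_MANIFEST, fake_fetch).items():
        state = f"moved to {now}" if now else "no longer resolves (name is claimable)"
        print(f"{ref}: {state}")
```

A reference that has moved should be updated to its current owner so the build never depends on the abandoned name; a reference that returns 404 is the more urgent case, because that username/repository pair is exactly what a repojacker would try to register. Swap `fake_fetch` for `live_fetch` to run the check against real manifests.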

According to The Hacker News, this is not the first time GitHub's security measures have been bypassed. Nine months ago, the company had to patch another bypass vulnerability that put repositories and users at risk of a cyberattack.


Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
