It seems they mass-forked existing repos under new user/org names and inserted the code there. Hoping people looking for a specific project would be confused enough to grab the fork. I've also added that host to my firewall config, just to be sure.

GitHub has mass-deleted the forks, users and orgs. But if you inadvertently have downloaded that stuff in the past day(s), before it was deleted, you might be at risk. So check your local repos/containers, CI/CD pipelines and put that host in your firewall is my advice.

@jwildeboer Do you know whether commit tokens were compromised or PRs merged without proper review? Is there another attack vector one should be aware of?

@Tronde It seems they mass-forked existing repos under new user/org names and inserted the code there. Hoping people looking for a specific project would be confused enough to grab the fork.
