Forks with malicious changes recorded on GitHub

Activity has been uncovered on GitHub in which forks of popular projects are created and malicious changes, including a backdoor, are introduced into the copies. A search for the host name (ovz1.j19544519.pr46m.vps.myjino.ru) that the malicious code contacts showed more than 35 changes on GitHub, present in clones and forks of various repositories, including forks of crypto, golang, python, js, bash, docker and k8s.

The attack counts on the user not tracking down the original and using code from a fork or a clone with a slightly different name instead of the main project's repository. GitHub has already removed most of the forks containing the malicious insert. Users who arrive at GitHub from search engines are advised to check carefully how a repository relates to the main project before using code from it.

The added malicious code sent the contents of environment variables to an external server in order to steal tokens for AWS and continuous integration systems. In addition, a backdoor was built into the code that runs shell commands returned in response to a request sent to the attackers' server. Most of the malicious changes were added between 6 and 20 days ago, but there are some repositories where the malicious code can be traced back to 2015.
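The two checks suggested above (how a repository relates to the main project, and whether a checkout contains the host name contacted by the malicious code), as an added example that is not part of the original article. `UPSTREAM` and the sample metadata are constructed placeholders shaped like the GitHub REST API response for `GET /repos/{owner}/{repo}`, and the 0.8 name-similarity threshold is an assumption.

```python
import difflib
import os

# Host name quoted in the article as the one contacted by the malicious code.
IOC_HOST = "ovz1.j19544519.pr46m.vps.myjino.ru"

# Constructed sample data: placeholder names, not real repositories.
UPSTREAM = "example-org/example-tool"
SAMPLE_FORK = {"full_name": "someuser/example-tool", "fork": True,
               "source": {"full_name": "example-org/example-tool"}}
SAMPLE_CLONE = {"full_name": "someuser/example-tool1", "fork": False}

def assess_repo(meta, upstream):
    """Return provenance warnings for GitHub repository metadata."""
    full_name, upstream = meta["full_name"].lower(), upstream.lower()
    if full_name == upstream:
        return []  # this is the main project's own repository
    warnings = []
    if meta.get("fork"):
        # For a fork, the API reports the root of the fork network as "source".
        root = (meta.get("source") or {}).get("full_name", "unknown")
        warnings.append(f"fork of {root}, not the main repository")
    else:
        # A clone pushed as a new repository has fork == False, so compare
        # repository names to catch "slightly different name" copies.
        ratio = difflib.SequenceMatcher(
            None, full_name.split("/")[1], upstream.split("/")[1]).ratio()
        if ratio >= 0.8:  # assumed threshold
            warnings.append(f"look-alike of {upstream} (similarity {ratio:.2f})")
    return warnings

def find_ioc(root, needle=IOC_HOST):
    """Return sorted relative paths of files under root containing needle."""
    raw, hits = needle.encode(), []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # objects are compressed
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if raw in fh.read():
                        hits.append(os.path.relpath(path, root))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return sorted(hits)
```

A clean `find_ioc` result only rules out the host name appearing as plain bytes; an encoded or split string would not match.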

Source: opennet.ru
