Users of the largest open source software repository GitHub have discovered more than 35 thousand clones of popular libraries infected with malware. About it writes Kommersant, citing software developer Stephen Lacy, who first reported the problem and called it “widespread malware attack”.
Representatives of the international community consider the incident dangerous, since users without verification of products may not distinguish a copy of the code from its original and, using malicious libraries, infect their systems. It is also noted that the appearance of such a code prevents users from receiving updates and significantly reduces the development of their own products based on open source. According to available data, in some clones of libraries, for example, in the Python language, defects have appeared, using which attackers can gain unauthorized access to data.
Experts assess the degree of danger of the incident for Russian developers in different ways. According to Pavel Korostelev, Head of Product Promotion at Code of Security, the threat is relevant for developers who use open source to create internal solutions. He noted that companies often check such code less carefully, since the speed of the final product is an important aspect. Dmitry Shmoylov, head of the Kaspersky Lab software security department, believes that all developers using the relevant libraries can suffer.
Recall that since February of this year, specialized Russian companies have noted a sharp increase in the number of malicious elements (bookmarks) in open source software hosted in storages. According to available data, by June their number had increased by 20 times compared to last year. In some cases, the bookmarks may have contained provocative content or calls for politically motivated action.
In Russia, the appearance of the national repository was scheduled for December 2022, which follows from the draft government decree of February 10. According to available data, the document is currently at the stage of public comment. Control over the creation of the domestic repository is exercised by the Ministry of Digital Development. It is planned to host open source software products developed by departments and subjects of the Russian Federation, as well as commercial companies.
If you notice an error, select it with the mouse and press CTRL + ENTER.