Article 6K147 Malware campaign on GitHub...

by
Jan K.
from LinuxQuestions.org on (#6K147)
Quote:
A malware distribution campaign that began last May with a handful of malicious software packages uploaded to the Python Package Index (PyPI) has spread to GitHub and expanded to reach at least 100,000 compromised repositories.

According to security firm Apiiro, the campaign to poison code involves cloning legitimate repos, infecting them with malware loaders, uploading the altered files to GitHub under the same name, then forking the poisoned repo thousands of times and promoting the compromised code in forums and on social media channels.

Saw that today over at el Reg... https://www.theregister.com/2024/03/...fork_campaign/

Should be a piece of cake for the MS AI, one would perhaps think?

OTOH, saw a couple of years ago that MS would use AI to help with MS updates and anyone following how that circus has turned out, then perhaps not.

Secure supply chain is of utmost importance these days...